IceXLoader Malware

The IceXLoader Malware is a threat designed to be deployed in the early or middle stages of an infection chain. Cybercriminals use loader-type malware as a bridge between the initial infection and the final payloads delivered to the breached device. As such, IceXLoader's main purpose is to deliver a specified malware payload that matches the end goals of its cybercriminal operators.

IceXLoader is written in the Nim programming language and, according to its developers, the threat can evade detection by multiple anti-malware and security solutions, including Windows Defender. Once fully established on the targeted device, the threat proceeds to collect various system details. The gathered data consists of the device name, CPU, GPU, username, admin privilege status, the installed anti-malware products and more.

In general, loaders can deliver all sorts of malware payloads and components, ranging from specialized infostealers to ransomware threats that will lock nearly all of the data found on the targeted system. When it comes to IceXLoader in particular, infosec experts have observed the threat being used to fetch and deploy the DarkCrystal RAT and an unknown crypto-miner that generates Monero (XMR). RATs (Remote Access Threats) can establish backdoor access to the breached system and allow the attackers to perform a wide range of intrusive actions. Crypto-miners, on the other hand, are designed specifically to hijack the victim's hardware resources and use all of the available capacity to mine for a chosen cryptocurrency.
