The Cybersecurity and Infrastructure Security Agency (CISA) has released a new report on an infostealer called ICONICSTEALER, which is a variant of malware that was used in the supply chain attack against 3CX’s Desktop App. The submission included one unique file, which was identified as a variant of ICONICSTEALER.
Furthermore, the primary objective of this malware is to steal sensitive data from a victim user’s web browser and make it available for exfiltration by a separate malicious component.
CISA has revealed that the attackers behind the supply chain attack targeted the software vendor 3CX and compromised their update server to distribute the malware. The report further states that the malware was signed with a legitimate digital certificate issued to 3CX, which enabled it to bypass security checks.
According to the report, ICONICSTEALER is a well-established malware strain that has been around since 2020 and is primarily used in targeted attacks against organizations in the healthcare, finance, and technology sectors.
The malware has been observed being distributed via spam campaigns, phishing emails, and exploit kits.
The report highlights the need for organizations to maintain strong security practices, including multi-factor authentication, network segmentation, and regular backups.
CISA also recommends that organizations regularly update their security software and limit user privileges to reduce the risk of malware infections.