IceRAT is malware that, despite its name, behaves more like a backdoor than a fully featured remote access Trojan on the hosts it compromises. It is written in JPHP (a PHP implementation that runs on the JVM) and reaches systems through untrusted downloads, phishing emails, or malicious websites without the user's knowledge. Once installed it can steal personal information, disrupt operations, or hold data for ransom. Published Indicators of Compromise (IoCs) include file hashes associated with the names g2m.dll and Midjourney.7z.
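The description above names two IoC file names but not the hashes themselves. As an added example (not code from the original page or from any IceRAT analysis), the following Python script shows how a responder would hunt a directory tree for those names and, separately, for any file whose SHA-256 appears on a supplied blocklist. Hash matches are treated as confirmed hits; name-only matches are flagged for triage, because benign files can share a name. The blocklist and the files it checks are constructed inside the script purely to exercise the logic; the hash set is a placeholder to be filled from a real threat-intel feed.

```python
"""Hunt for IceRAT file-name and hash IoCs on a host.

Added example, not IceRAT code or an official detection. The only facts taken
from the description are the two file names; every hash and file here is
constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# File names cited as IoCs in the description; matched case-insensitively
# because Windows file systems are case-insensitive.
IOC_FILENAMES = {"g2m.dll", "midjourney.7z"}


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large archives do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt(root, known_hashes):
    """Walk `root` and return (path, sha256, verdict) tuples.

    verdict is 'hash-match' when the digest is on the blocklist (a confirmed
    IoC regardless of file name, so renamed droppers are still caught) and
    'name-match' when only the file name matches (needs analyst triage).
    Files that match neither are not reported. Unreadable files are skipped.
    """
    known = {h.lower() for h in known_hashes}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                digest = sha256_of(p)
            except OSError:
                continue
            if digest in known:
                hits.append((str(p), digest, "hash-match"))
            elif name.lower() in IOC_FILENAMES:
                hits.append((str(p), digest, "name-match"))
    return hits


def demo():
    """Constructed scenario: a temporary tree containing a blocklisted file
    under an innocent name, a benign file carrying an IoC name, and an
    unrelated file. Returns {file name: verdict} for the reported hits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        bad = b"constructed sample standing in for a malicious archive"
        # Blocklisted content hiding under a harmless name: caught by hash.
        (root / "sub" / "setup.exe").write_bytes(bad)
        # IoC file name with unknown content: flagged for triage only.
        (root / "g2m.dll").write_bytes(b"benign contents")
        # Neither name nor hash matches: not reported.
        (root / "readme.txt").write_bytes(b"nothing here")
        # Placeholder blocklist derived from the constructed sample above.
        known = {hashlib.sha256(bad).hexdigest()}
        return {Path(p).name: verdict for p, _digest, verdict in hunt(root, known)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:>10}  {name}")
```

In practice point `hunt()` at user profile, temp, and download directories and feed `known_hashes` from the vendor IoC list; a hash match on a file with an unrelated name is the more valuable signal, since it survives the attacker simply renaming the dropper.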
IceRAT has been observed in malvertising campaigns in which malicious ads link to executables that deliver Rilide Stealer, Vidar Stealer, IceRAT, and Nova Stealer. A user who clicks one of these ads can unknowingly download and run the payload. This distribution method is effective because it rides on ordinary browsing activity rather than relying on a targeted lure.
Beyond its own backdoor function, an IceRAT infection also serves as a gateway for secondary payloads such as cryptocurrency miners and information stealers, which harvest login credentials and other sensitive data from the victim and compound the damage of the initial breach. IceRAT therefore poses a significant threat to individuals and organizations alike, because a single infection can lead to persistent access, credential theft, and hijacked computing resources.
Description last updated: 2024-10-07T15:18:08.331Z