YiBackdoor malware linked to IcedID and Latrodectus
Summary
A new malware family, YiBackdoor, has been identified with significant code overlaps with IcedID and Latrodectus. This malware can execute arbitrary commands, collect system information, capture screenshots, and deploy plugins. It was first detected in June 2025 and may be used as a precursor to ransomware attacks. Limited deployments suggest it is under development or testing. YiBackdoor employs rudimentary anti-analysis techniques and injects its core functionality into the svchost.exe process. It achieves persistence through the Windows Run registry key and uses an embedded encrypted configuration to establish command-and-control (C2) communication. YiBackdoor's capabilities include system metadata collection, screenshot capture, command execution via cmd.exe and PowerShell, and plugin management. The malware's limited functionality can be expanded through additional plugins.
Timeline
- 24.09.2025 14:28 · 1 article
  YiBackdoor malware linked to IcedID and Latrodectus
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
Information Snippets
- YiBackdoor shares significant code overlaps with IcedID and Latrodectus.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor can execute arbitrary commands, collect system information, capture screenshots, and deploy plugins.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor was first identified in June 2025.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor may be used as a precursor to ransomware attacks.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor employs rudimentary anti-analysis techniques to evade virtualized and sandboxed environments.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor injects its core functionality into the svchost.exe process.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor achieves persistence through the Windows Run registry key.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor uses an embedded encrypted configuration to establish C2 communication.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor's capabilities include system metadata collection, screenshot capture, command execution via cmd.exe and PowerShell, and plugin management.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28
- YiBackdoor's limited functionality can be expanded through additional plugins.
  First reported: 24.09.2025 14:28 · 1 source, 1 article
  Source: New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus · thehackernews.com · 24.09.2025 14:28