IcedID malware pushed via Yandex Forms amid fake copyright complaints
Website owners are being targeted with fake copyright infringement complaints that use Yandex Forms to distribute the IcedID banking malware. These attacks have been running for over a year and are run by the threat actor tracked as TA578, who uses a website’s contact page to send legal threats that pressure recipients into downloading a “report” of the allegedly offending material.
These reports supposedly contain proof of copyrighted material being used without permission, but instead infect the target’s device with malware including BazarLoader, BumbleBee, and IcedID.
This week, BleepingComputer also received a copyright infringement threat purporting to come from Zoho, claiming that the site uses Zoho’s copyrighted images. The scammers now use Yandex Forms, a free service that lets users create customized online forms; the same service can be abused to build phishing landing pages.
When a user clicks the forms.yandex.com link in the copyright complaint, they are taken to a web page stating, “File ‘Stolen Images Evidence’ is ready for download.” After a few minutes, the Yandex Form downloads an ISO file named ‘Stolen_ImagesEvidence.iso’ from an embedded firebasesstorage.googlepics.com link.
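As an added defender-side example (not from the original article), the following Python sketch applies the two observable stages of this chain to constructed sample data: a contact-form submission that pairs copyright-complaint wording with a forms.yandex.com link, and a proxy log in which the same user fetches an .iso file shortly after visiting the form. The form ID, hostnames and timestamps are placeholders.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Indicators taken from the campaign description: copyright-complaint lure
# text, a hosted form on forms.yandex.com, and a follow-on .iso download.
LURE_WORDS = re.compile(r"copyright|infringement|stolen images|legal", re.I)
FORM_HOST = "forms.yandex.com"
ISO_PATH = re.compile(r"\.iso$", re.I)
URL_RE = re.compile(r"https?://\S+")

def triage_submission(text):
    """Flag a contact-form message that pairs legal-threat wording with a
    link to the hosted form service used as the lure's landing page."""
    links = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    form_links = [u for u in links if urlparse(u).hostname == FORM_HOST]
    lure = bool(LURE_WORDS.search(text))
    return {"lure_words": lure, "form_links": form_links,
            "suspicious": lure and bool(form_links)}

def find_iso_chains(events, window=timedelta(minutes=10)):
    """events: iterable of (timestamp, user, url) proxy records. Return
    (user, url) pairs where a user fetches an .iso from any other host
    within `window` of visiting a forms.yandex.com page."""
    hits, last_form_visit = [], {}
    for ts, user, url in sorted(events):
        parsed = urlparse(url)
        if parsed.hostname == FORM_HOST:
            last_form_visit[user] = ts
        elif (ISO_PATH.search(parsed.path) and user in last_form_visit
              and ts - last_form_visit[user] <= window):
            hits.append((user, url))
    return hits

# Constructed sample data (placeholder form ID, hostnames and timestamps).
SAMPLE_SUBMISSION = (
    "Your site uses my copyrighted images without permission. Download the "
    "evidence report before we take legal action: "
    "https://forms.yandex.com/u/EXAMPLE-FORM-ID/."
)
SAMPLE_EVENTS = [
    (datetime(2022, 6, 1, 9, 0, 0), "alice", "https://forms.yandex.com/u/EXAMPLE-FORM-ID/"),
    (datetime(2022, 6, 1, 9, 2, 30), "alice",
     "https://storage.example.net/o/Stolen_ImagesEvidence.iso"),
    (datetime(2022, 6, 1, 9, 5, 0), "bob", "https://mirror.example.net/ubuntu.iso"),
]

if __name__ == "__main__":
    print(triage_submission(SAMPLE_SUBMISSION))
    print(find_iso_chains(SAMPLE_EVENTS))
```

Only alice's download is reported: bob fetched an .iso without first visiting the form page, so the two-stage correlation does not fire on ordinary ISO downloads.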