BleepingComputer reports that fake copyright infringement warnings using Yandex Forms are being leveraged for IcedID malware distribution.
Threat actors impersonating Zoho sent BleepingComputer a copyright infringement complaint claiming that the site was using copyrighted images and that proof of the violation could be reviewed through a Yandex Forms link, rather than the Google Drive or Google Sites links seen before. Clicking the Yandex Forms link in the complaint redirects to a webpage displaying a "File 'Stolen Images Evidence' is ready for download" message, which ultimately downloads an ISO file named "Stolen_ImagesEvidence.iso".
Double-clicking the downloaded ISO mounts it as a new drive letter containing what appears to be a "documents" folder and a randomly named DLL file. The "folder" is actually a Windows shortcut that, when double-clicked, executes the malicious DLL, the loader for IcedID.
Individuals receiving copyright complaints have been advised to be more vigilant and to use VirusTotal to scan suspicious files.
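As an added illustration (not from BleepingComputer's or SC Media's reporting, and not a sample from the campaign), the following Python script shows how a defender could triage the contents of such an ISO once it has been extracted or mounted: it identifies Windows shortcuts by their MS-SHLLINK header rather than by extension (Explorer hides `.lnk`, which is what lets a shortcut pass for a "documents" folder), reads the shortcut's relative path and command-line arguments, and flags any folder-looking shortcut that references a DLL sitting beside it. The `documents.lnk` / `kq8d3.dll` sample tree it builds is constructed for the demo; those file names, the rundll32 target and the export ordinal are assumptions, not details taken from the page.

```python
import os
import struct
import tempfile

# MS-SHLLINK header: HeaderSize (0x4C) followed by the Shell Link CLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON = 0x04, 0x08, 0x10, 0x20, 0x40
IS_UNICODE = 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location")]


def parse_lnk(data):
    """Return the StringData fields of a Shell Link, or None if `data` is not a .lnk."""
    if not data.startswith(LNK_MAGIC):
        return None
    flags = struct.unpack_from("<I", data, 0x14)[0]   # LinkFlags sits at offset 20
    pos = 0x4C                                         # end of the fixed-size header
    if flags & HAS_ID_LIST:                            # skip IDList (2-byte size + items)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                          # skip LinkInfo (4-byte total size)
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            fields[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[key] = data[pos:pos + count].decode("latin-1")
            pos += count
    return fields


def scan_extracted_iso(root):
    """Walk an extracted/mounted ISO; flag folder-looking shortcuts that reference a sibling DLL."""
    findings = []
    for dirpath, _, files in os.walk(root):
        dlls = {f.lower() for f in files if f.lower().endswith(".dll")}
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                fields = parse_lnk(fh.read())
            if fields is None:
                continue  # not a shortcut, whatever its extension claims
            stem = name[:-4] if name.lower().endswith(".lnk") else name
            looks_like_folder = "." not in stem   # Explorer would show it as "documents"
            text = " ".join(fields.values()).lower()
            referenced = sorted(d for d in dlls if d in text)
            if looks_like_folder and referenced:
                findings.append({"shortcut": path, "launches": fields,
                                 "sibling_dlls": referenced})
    return findings


def build_lnk(relative_path, arguments):
    """Construct a minimal Unicode Shell Link carrying only RelativePath and Arguments."""
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE
    header = LNK_MAGIC + struct.pack("<I", flags)
    header += b"\x00" * (0x4C - len(header))   # attributes, timestamps, etc. left zero
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def build_demo_tree():
    """Constructed stand-in for an extracted ISO: a shortcut posing as a folder plus a DLL."""
    root = tempfile.mkdtemp(prefix="iso_demo_")
    # Hypothetical names; the reporting only says the real DLL name is random.
    with open(os.path.join(root, "documents.lnk"), "wb") as fh:
        fh.write(build_lnk(r"..\Windows\System32\rundll32.exe", r".\kq8d3.dll,#1"))
    with open(os.path.join(root, "kq8d3.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)   # placeholder bytes, not a real DLL
    with open(os.path.join(root, "readme.txt"), "w") as fh:
        fh.write("benign decoy\n")
    return root


if __name__ == "__main__":
    for hit in scan_extracted_iso(build_demo_tree()):
        print(hit["shortcut"], "->", hit["launches"], "uses", hit["sibling_dlls"])
```

Matching on the header bytes instead of the extension is the important design choice: a shortcut can be renamed, given a folder icon and still be honoured by Explorer, so a triage script that trusts file names will miss exactly the disguise this campaign relies on.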