Volume 330, Issue 4 · IT Vendor News · Zscaler

YiBackdoor: A New Malware Family With Links to IcedID and Latrodectus

Zscaler, Tuesday, September 23rd, 2025

Zscaler ThreatLabz has identified a new malware family that we named YiBackdoor, which was first observed in June 2025.

The malware is particularly interesting because it contains significant code overlaps with IcedID and Latrodectus. Like Zloader and Qakbot, IcedID was originally designed to facilitate banking and wire fraud. However, IcedID has since been repurposed to provide initial access for ransomware attacks. The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks. YiBackdoor enables threat actors to collect system information, capture screenshots, execute arbitrary commands, and deploy plugins.
