A new version of the IcedID banking Trojan was observed by researchers as yet another payload taking advantage of the COVID-19 pandemic for distribution. The malware is being distributed via different TTPs. This new campaign changes tactics: it injects into msiexec.exe to conceal itself and uses full steganography to download its modules and configurations, whereas previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and configuration as “.dat” files. The campaign also takes advantage of the COVID-19 pandemic by using keywords such as COVID-19 and FMLA in email sender names and attachment names. IcedID is a banking malware that performs Man-in-the-Browser attacks to steal financial information.