Trend Micro noted a new distribution trend for the IcedID botnet via Google pay-per-click (PPC) ads, aka malvertising. The adversaries behind IcedID malware erected fake websites of legitimate organizations and well-known applications to lure online users. Attackers also drop a new loader via an MSI file, which is an unusual behavior by IcedID.