IcePick-3PC Malware Strain Steals Device IPs
January 09, 2019 / Kacy Zurkus
IcePick-3PC has impacted a range of businesses, from publishers to e-commerce, across a variety of industries, including retail and healthcare, according to researchers from The Media Trust’s digital security and operations (DSO) team. The malware strain was first identified in spring 2018 and is able to steal device IPs en masse. When it was initially detected, IcePick-3PC was used to spam device owners using phishing in a campaign that fraudulently offered gift cards from big-name retailers, such as Amazon and Walmart, in return for users sharing their personal information. In a January 9, 2019, blog post, researchers explained that a website’s third-party tools are designed to incorporate interactive web content, such as animation via HTML5, and are loaded onto client platforms by self-service agencies. In the attack, which has affected more than 100 clients, IcePick-3PC executes after malware writers successfully hijack a website’s third-party tools.