IcePick-3PC Malware

A new malware strain, IcePick-3PC, can obtain IP addresses through third-party tools used by websites. Multiple e-commerce businesses and publishers in the retail and healthcare fields have already been affected. The malware was first picked up in a phishing campaign that offered Amazon and Walmart gift cards in exchange for personal information. Now, if a user lands on a webpage that loads a compromised third-party library, the malware runs a series of checks: the user agent, the type of device, the device’s battery level, and the device’s motion and orientation. Once these checks pass, the malware connects the infected device to a remote peer before transferring the device’s IP address. “Given the malware’s level of sophistication and advanced techniques, that it is likely the product of dark code from organized cybercrime rings. If this is the case, the attack on recognized publishers and e-commerce businesses might portend a larger-scale attack, or, at the minimum, the illegal trading of user information in the near future,” read a DSO blog post.

Analyst Notes

Businesses that could be affected by this malware strain should scan their ads and webpages for code that is not supposed to be there. Where possible, they should move from managed service providers to self-service providers.
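One way to run the scan recommended above, as an added example that is not code from the original post or from the DSO research: it inventories a page's external scripts and flags third-party ones that are off an allowlist, lack an `integrity` attribute, or combine the device checks described above with a peer connection. The hosts, the sample page, the script bodies and the assumption that the "remote peer" connection uses WebRTC are constructed for illustration.

```javascript
// Patterns for the checks the article lists, matched against script source text.
const SIGNALS = {
  userAgent: /navigator\s*\.\s*userAgent/,
  battery: /getBattery\s*\(/,
  motion: /DeviceMotionEvent|["']devicemotion["']/,
  orientation: /DeviceOrientationEvent|["']deviceorientation["']/,
  // Assumption: the "remote peer" connection uses WebRTC; the article names no API.
  peer: /RTCPeerConnection/,
};

function signalsIn(source) {
  return Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(source));
}

// Pull external <script src> tags out of HTML (regex parsing, adequate for an audit pass).
function externalScripts(html) {
  const found = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) found.push({ src: src[1], sri: /\bintegrity\s*=/i.test(m[1]) });
  }
  return found;
}

// sources maps absolute script URL -> script body already fetched by the caller.
function auditPage(html, pageUrl, allowedHosts, sources) {
  const pageHost = new URL(pageUrl).host;
  return externalScripts(html).map(({ src, sri }) => {
    const url = new URL(src, pageUrl);
    const thirdParty = url.host !== pageHost;
    const hits = signalsIn(sources[url.href] || "");
    const reasons = [];
    if (thirdParty && !allowedHosts.includes(url.host)) reasons.push("host not on allowlist");
    if (thirdParty && !sri) reasons.push("no integrity attribute");
    if (hits.includes("peer") && hits.length >= 3) reasons.push("device checks + peer connection");
    return { url: url.href, signals: hits, reasons };
  });
}

// Constructed sample page and script bodies (placeholder hosts, not real indicators).
const SAMPLE_HTML = `<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://widgets.example.org/w.js"></script>`;
const SAMPLE_SOURCES = {
  "https://shop.example.com/js/app.js": "if (navigator.userAgent) { init(); }",
  "https://cdn.example.net/lib.js": "export const version = 1;",
  "https://widgets.example.org/w.js": "navigator.userAgent; navigator.getBattery(); addEventListener('devicemotion', f); new RTCPeerConnection();",
};
const report = auditPage(SAMPLE_HTML, "https://shop.example.com/", ["cdn.example.net"], SAMPLE_SOURCES);
console.log(JSON.stringify(report, null, 2));
```

A script that reads only the user agent, like the first-party `app.js` sample, is not flagged; the heuristic fires on the combination, and any hit is a prompt for manual review rather than a verdict.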