Geeks for your information
ICEPick-3PC malware compromises third-party tools to steal Android IPs - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: ICEPick-3PC malware compromises third-party tools to steal Android IPs (/showthread.php?tid=5036)



ICEPick-3PC malware compromises third-party tools to steal Android IPs - silversurfer - 10 January 19

Quote:A new malware dubbed ICEPick-3PC is stealing device IP addresses en masse since at least spring 2018.

The malware executes after its authors hijack a website’s third‐party tools which are often pre-loaded onto client platforms by self-service agencies and are designed to incorporate interactive web content, such as animation via HTML5, The Media Trust said in a Jan. 9 blog post.

As a result of the malware’s infection techniques, researchers recommend advertising agencies and marketers reconsider moving from managed services to self-service platforms.

If a user visits a website with a compromised third-party library the malware runs a series of checks on a user’s device before running.

Once accessed, the malware conducts checks on the user agent, device type, mobile operating system, battery level, device motion and orientation, and a check on the referrer to avoid known malware scanners.  

After the checks are completed the malware makes an RTC peer connection between the infected device and a remote peer before sending the extracted device’s IP to the attacker.

Source: https://www.scmagazine.com/home/security-news/a-new-malware-dubbed-icepick-3pc-is-stealing-device-ip-addresses-en-masse-since-at-least-spring-2018/