10 January 19, 15:44
Quote: A new malware dubbed ICEPick-3PC has been stealing device IP addresses en masse since at least spring 2018.
The malware executes after its authors hijack a website’s third-party tools, which are often pre-loaded onto client platforms by self-service agencies and are designed to incorporate interactive web content, such as animation via HTML5, The Media Trust said in a Jan. 9 blog post.
As a result of the malware’s infection techniques, researchers recommend advertising agencies and marketers reconsider moving from managed services to self-service platforms.
If a user visits a website with a compromised third-party library, the malware runs a series of checks on a user’s device before running.
Once accessed, the malware conducts checks on the user agent, device type, mobile operating system, battery level, device motion and orientation, and a check on the referrer to avoid known malware scanners.
After the checks are completed, the malware makes an RTC peer connection between the infected device and a remote peer before sending the extracted device’s IP to the attacker.
Source: https://www.scmagazine.com/home/security...ring-2018/