ICEPick Hacks Stab The Heart Of Your Device

February 27, 2019

The name of this latest malware strain is a bit chilling. ICEPick-3PC was recently discovered by the Digital Security & Operations (DSO) team of The Media Trust, a digital risk management company. It is a malware strain that goes into action after a website has its third-party tools hacked. The sneaky element first found to enable these ICEPick-3PC hacks is a classic email phishing attack. The phishing emails offer recipients a free gift card from major retailers like Amazon and Walmart. All one has to do is provide some personal information and the gift card is on its way! PS: There are no gift cards, and your IP (Internet Protocol) address has just been hijacked.

Third-party software consists of programs created by companies other than the operating system developers, and it is used by countless businesses for many different purposes. Some third-party software already has malware installed on it, which then infects devices. In this case, phishing attacks are what set the ICEPick-3PC malware in motion. According to a DSO researcher, the ice-cold heart of ICEPick-3PC is “…this malware has overcome such hurdles and even breaks through VPNs in order to intercept IPs, it enables bad actors to identify users’ device vulnerabilities, and leaves the devices wide open for exploit targeting and potential future attacks.” Keeping devices safe from ICEPick-3PC requires a commitment to educating users about phishing emails and to using safety measures against harmful third-party software.

  • Thoroughly vet third-party software creators to establish their credibility for creating “clean” software. Also, regularly scan systems for malicious code.
  • Check before you click. Unless you’re 100% sure the email is from a trusted source, do some investigating. A minute or two spent confirming a sender can avoid a ton of headaches for you and your employer.
  • Never download files, click attachments or follow links in an email–especially if you can’t verify the sender. Attachments and files can be full of malware. Links to websites can’t be trusted and can lead to bogus sites designed to steal your sensitive information.
  • Avoid clicking on pop-ups as they also contain malware. Close the pop-up using the “x” found in a corner of the pop-up and never click on “unsubscribe” buttons–they can also hold malware.
  • Keep informed about the latest email phishing scams and trends. Employers benefit greatly from ongoing cybersecurity training and education for employees.

So why is it significant that they steal IP addresses? Well, stealing an IP address allows hackers to launch future attacks against devices.

Stickley on Security
February 23, 2019