
IcedID Trojan Expands Scope to Include E-Commerce Vendors

Since November 2018, IcedID trojan operators have been targeting e-commerce vendors in the US to steal access credentials and payment card data. The malware is distributed via malspam and the Emotet downloader, using macro-embedded Office attachments or links that download the malicious Office documents. Once the malware is installed, the attackers use the publicly available Automatic Transaction System (ATS) Engine to launch injection attacks, update injection methods, parse stolen data, and orchestrate fraudulent transactions. Using this commercial web-based control panel also reduces exposure of the malware's command-and-control (C2) server. The expansion of the attack scope beyond the banking sector may suggest that IcedID operators are pursuing a malware-as-a-service model to seek new revenue streams.

[1] IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites

Ensign InfoSecurity Singapore