A new iteration of the Ice IX malware has been spotted attacking Facebook users, according to researchers at Trusteer, who claim that the malware is now trying to swindle unsuspecting users out of sensitive information such as credit card numbers and addresses.
After launching a web injection, the attacker deceives victims by directing them to a fake Facebook page that requests credit card information “in order to provide you with extra security.” The fake page, which pops up after users have logged in, asks for a name, address, and credit card number, along with the card’s expiration date and identification number.
In a blog post, Trusteer CTO Amit Klein also posted several screenshots from a video found by researchers on an underground forum that describes, in depth, how to launch fake web injections to attack Facebook users.
Attacking Facebook users has become the new gold standard for cybercriminals. The site, now more popular than ever, has been a lightning rod for scams, worms, phishing and adware in the last few years.
Attacks stemming from Ice IX, however, are a relatively recent development. Ice IX is a bot based on the leaked Zeus source code and, like Zeus, was designed to steal banking credentials. Jorge Mieres, a malware analyst with Kaspersky Lab, first blogged about Ice back in August and noted the bot was fetching up to $1800 in underground markets.