Ice IX Malware Variant Steals Facebook Users’ Credit Card Details

Modified malware uses a web injection to imitate Facebook and ask for personal details

Researchers at security firm Trusteer have discovered a modified version of the Ice IX malware which spoofs Facebook pages to grab credit card details and social security numbers.

They also found that the malware’s developers had released a “marketing” video to demonstrate how to use its web injection tool.

A favourite target of fraudsters

“The global reach and scale of the Facebook service has made it a favourite target of fraudsters,” Trusteer’s CTO Amit Klein said in a blog post, adding that criminals had recently stolen e-cash vouchers and sold bulk user login credentials.

Such security incidences will be of particular concern to Facebook leading up to its initial public offering. Potential investors may be put off if the social networking giant cannot effectively clamp down on reputation-damaging malware and spam.

The new Zeus-based Ice IX configuration uses a web injection to create a fake Facebook page, on which a user is told to fill in his/her cardholder name, credit or debit card number, card identification number and card expiry date.

The spoof page reads: “In order to provide you with extra security, we occasionally need to ask for additional information. We need to verify your identity with a credit or debit card.”

Trusteer points out that in the “marketing” video, in which developers try to sell the web injection to fraudsters, the spoof may also ask for a user’s date of birth and social security number.

“This video illustrates the seamless sophistication of pre-built webinjects that are readily available for purchase on the internet,” Klein said. “It also demonstrates how accomplished criminals are at marketing their malware products.

“By attacking Facebook and other ubiquitous social networks fraudsters can tap a massive pool of victims. They can also use the information harvested from social network users to perpetuate fraud on multiple in fronts including online banking, retail, and even to penetrate enterprise and government networks.”

Think you know security? Test your knowledge with our quiz.