A new player in the realm of banking trojans, named ICEDID, has recently emerged in the news worldwide. First spotted in September of last year, this trojan is believed to attack banks, credit/debit card providers, e-commerce websites, etc. The major countries targeted by this malicious program include the US, UK and Canada.
Interestingly, unlike several other cyber threats, this malware doesn't appear to adopt code from similar programs, which makes it genuinely new on the scene.
ICEDID works by setting up a local proxy and redirecting all the incoming traffic of the victim's computer through this proxy, which is called a redirection attack. This is how it intercepts the communication happening on the victim's computer and gets its hands on sensitive information such as banking credentials, payment card information and webmail credentials.
The redirection process used by this trojan is quite seamless, which makes it hard for the user to detect any changes. By keeping a live connection with the legitimate website of the bank, the trojan displays the bank's legitimate URL and SSL certificate while the redirection takes place.
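Because the browser keeps showing the legitimate URL and certificate, a local-proxy redirection is easier to spot in the host's socket table than on the page itself. The following Python is an added example, not code from the original post or from any analysis of the trojan: it flags browser connections that terminate at a loopback listener owned by a different, non-allowlisted process. The process names, ports, addresses and the tuple layout of the socket table are constructed assumptions.

```python
import ipaddress

# Constructed sample socket table (not real telemetry):
# (process, local endpoint, remote endpoint, state)
SAMPLE_SOCKETS = [
    ("svc_updater.exe", "127.0.0.1:8899", "0.0.0.0:0", "LISTEN"),
    ("av_webshield.exe", "127.0.0.1:12080", "0.0.0.0:0", "LISTEN"),
    ("browser.exe", "127.0.0.1:50110", "127.0.0.1:8899", "ESTABLISHED"),
    ("browser.exe", "127.0.0.1:50111", "127.0.0.1:12080", "ESTABLISHED"),
    ("browser.exe", "10.0.0.5:50112", "198.51.100.20:443", "ESTABLISHED"),
]


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def find_local_proxy_suspects(sockets, browsers, allowed_listeners):
    """Return (browser, port, listener) for browser traffic that ends at a
    local listener owned by a process outside the allowlist."""
    # Map each locally reachable listening port to the process that owns it.
    listeners = {}
    for proc, local, _remote, state in sockets:
        addr, port = split_endpoint(local)
        if state == "LISTEN" and (addr.is_loopback or addr.is_unspecified):
            listeners[port] = proc

    findings = []
    for proc, _local, remote, state in sockets:
        if state != "ESTABLISHED" or proc not in browsers:
            continue
        addr, port = split_endpoint(remote)
        # Only connections that stay on the machine can reach a local proxy.
        owner = listeners.get(port) if addr.is_loopback else None
        if owner and owner not in browsers and owner not in allowed_listeners:
            findings.append((proc, port, owner))
    return findings


if __name__ == "__main__":
    hits = find_local_proxy_suspects(
        SAMPLE_SOCKETS, {"browser.exe"}, {"av_webshield.exe"})
    for browser, port, owner in hits:
        print(f"{browser} -> loopback:{port} (listener: {owner})")
```

The allowlist matters because some security products and developer tools legitimately proxy browser traffic over loopback; anything left over deserves a closer look at the owning process.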
Other than redirection, this trojan also uses web injection, a process in which fake content is injected into the browser and overlaid on top of the legitimate page. The injected content looks similar to the original website, so the user unknowingly enters their credentials, which are then sent to the attacker's server. This technique is used for attacking banking portals.