IBM Security Trusteer

IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites

By Kelly Lappin posted Wed February 06, 2019 10:44 AM

By Itzik Chimino; Co-authored by Limor Kessem | Ophir Harpaz 

As part of the ongoing research into cybercrime tools targeting users of financial services and e-commerce, IBM X-Force analyzes the tactics, techniques and procedures (TTPs) of organized malware gangs, exposing their inner workings to help diffuse reliable threat intelligence to the security community.

In recent analysis of IcedID Trojan attacks, our team looked into how IcedID operators target e-commerce vendors in the U.S., the gang's typical attack turf. The threat tactic is a two-step injection attack designed to steal access credentials and payment card data from victims. Given that the attack is separately operated, it's plausible that those behind IcedID are either working on different monetization schemes or renting botnet sections to other criminals, turning it into a cybercrime-as-a-service operation, similar to the Gozi Trojan's business model.

To read the rest of the blog, please go to