Feb 2, 2023 / By Securium Solutions
The gaming and gambling industries are facing a new cyberattack campaign referred to as “Ice Breaker.” According to Israeli cybersecurity firm Security Joes, these attacks use sophisticated social engineering tactics to deploy a JavaScript backdoor. The attackers pose as customers and initiate a conversation with a support agent of a gaming website, urging the agent to open a screenshot image hosted on Dropbox.
Clicking the malicious link in the chat results in the retrieval of a payload that is configured to download and run an MSI package containing a Node.js implant. This implant acts as a typical backdoor, allowing the attacker to steal passwords and cookies, exfiltrate files, take screenshots, run scripts imported from a remote server, and open a reverse proxy on the compromised host.
In some cases, the victim may also execute a VBS downloader, which leads to the deployment of the Houdini remote access trojan. The origins of the attackers and their motivations are currently unknown, but they have been observed using broken English during their conversations with customer service agents.
Felipe Duarte, a senior threat researcher at Security Joes, commented on the situation, saying, “This is a highly effective attack vector for the gaming and gambling industry. The never-seen-before compiled JavaScript second-stage malware is highly complex to dissect, showing that we are dealing with a skilled threat actor with the potential of being sponsored by an interested owner.”
It is crucial for the gaming and gambling industries to be proactive in protecting against these types of attacks. This may include implementing strong security measures, such as multi-factor authentication, regularly updating software and security systems, and educating users on how to recognize and avoid potential threats.
Author
Vineet Singh
Securium Solution Cyber Security Analyst