The gaming and gambling industries are under attack from a new campaign known as “Ice Breaker”. The campaign has been targeting these industries since September 2022, just ahead of the upcoming 2023 ICE London gaming industry trade fair.

An Israeli cybersecurity firm, Security Joes, is closely monitoring the “Ice Breaker” activity. According to their findings, the intrusions use social engineering tactics to deploy a JavaScript backdoor. The attackers pretend to be a customer and start a conversation with a support agent of a gaming website. They then ask the support agent to open a screenshot image hosted on Dropbox, which, if clicked, leads to the retrieval of a harmful LNK payload.

The JavaScript backdoor has the typical features of its kind, such as the ability to steal passwords and cookies, exfiltrate files, take screenshots, and even open a reverse proxy on the infected host.

The origins of the attackers are still unknown, but they have been seen using broken English during their conversations with customer service agents. MalwareHunterTeam shared some indicators of compromise (IoCs) associated with this campaign back in October 2022.

According to Felipe Duarte, a senior threat researcher at Security Joes, the gaming and gambling industry is vulnerable to a highly effective type of attack. The malware used in this particular attack is extremely complicated, suggesting that the attackers behind it have a great deal of expertise and may be backed by someone with a vested interest.
