A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair, which is scheduled for next week.
Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor.
The attack sequence proceeds as follows: The threat actor poses as a customer while initiating a conversation with a support agent of a gaming website and urges the individual on the other end to open a screenshot image hosted on Dropbox.
Security Joes said that the threat actor is “well-aware of the fact that the customer service is human-operated.”
Clicking the malicious link sent in the chat retrieves an LNK payload or, as a backup option, a VBScript file. The LNK file is configured to download and run an MSI package containing a Node.js implant.
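
The delivery step described above works because a file presented as a screenshot is in fact an LNK or VBScript file. As an added example (not code from the article or from Security Joes), this Python check classifies a chat-supplied link by the leading bytes of the fetched content and by its extension. The function names, placeholder URLs and sample headers are constructed for illustration, and it assumes the content is fetched in an isolated environment rather than on the agent's workstation.

```python
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

# Leading bytes of formats a genuine screenshot would use.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
               b"GIF87a": "gif", b"GIF89a": "gif"}
# Windows shortcut: HeaderSize 0x4C followed by the ShellLink CLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# OLE compound file, the container format of MSI packages.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# File types named in the article's delivery chain.
LAUNCHABLE_EXTS = {".lnk", ".vbs", ".msi"}


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    table = {LNK_MAGIC: "lnk", OLE_MAGIC: "ole", **IMAGE_MAGIC}
    return next((k for m, k in table.items() if head.startswith(m)), "unknown")


def triage_screenshot(url: str, head: bytes) -> dict:
    """Decide whether a link described as a screenshot may be opened."""
    # url: link pasted into the support chat; head: first bytes of its content.
    name = PurePosixPath(unquote(urlparse(url).path)).name
    ext = PurePosixPath(name).suffix.lower()
    kind = sniff(head)
    reasons = []
    if kind in ("lnk", "ole"):
        reasons.append(f"content is {kind}, not an image")
    elif kind == "unknown":
        reasons.append("content is not a recognised image format")
    if ext in LAUNCHABLE_EXTS:
        reasons.append(f"launchable extension {ext}")
    return {"file": name, "kind": kind, "block": bool(reasons), "reasons": reasons}


# Constructed samples: placeholder host and path, hand-built file headers.
SAMPLES = [
    ("https://dropbox.example/s/PLACEHOLDER/screenshot.lnk?dl=1", LNK_MAGIC + bytes(56)),
    ("https://dropbox.example/s/PLACEHOLDER/screenshot.vbs?dl=1", b"Dim sh\r\n"),
    ("https://dropbox.example/s/PLACEHOLDER/screenshot.png?dl=1", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    for url, head in SAMPLES:
        print(triage_screenshot(url, head))
```

A VBScript file is plain text with no magic bytes, so it is caught here by the failed image check and by its extension rather than by a signature.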