Experts have recently warned of a new wave of attacks targeting the gaming and gambling sectors. Security Joes, a leading cybersecurity firm from Israel, is currently tracking a unique activity cluster known as Ice Breaker. This new campaign uses incredibly clever tactics to deploy a JavaScript backdoor.
The attacks unfold as follows: the hacker first poses as a customer and contacts the support staff of a gaming or gambling company. Once contact is established, the cybercriminal works to coerce or convince the company agent to send them a screenshot of an image hosted on Dropbox. The hackers target companies whose support system they know to be human-operated rather than run by bots.
Once the hacker receives the screenshot, an LNK payload is retrieved, with a VBScript file acting as a backup alternative. At the same time, it is configured and downloaded on the company agent's computer and releases an MSI package that contains a Node.js implant.
In the end, the JavaScript file features a backdoor allowing the hacker to view the codes relating to each process and make off with sensitive data, such as passwords, cookies, and other information. Experts say this malware campaign is problematic because it's highly complex and challenging to dissect, giving hackers an advantage when attacking companies.