
Hackers use new IceBreaker malware to breach gaming companies
2023-02-01 14:45

Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker.

Researchers at incident response firm Security Joes believe that the IceBreaker backdoor is the work of a new advanced threat actor that uses "a very specific social engineering technique," which could lead to a clearer picture of who they are.

The links delivered this way lead to a ZIP archive containing a malicious LNK file that fetches the IceBreaker backdoor, or a Visual Basic Script that downloads the Houdini RAT that's been active since at least 2013.

Security Joes researchers say that the downloaded malware is "a highly complex compiled JavaScript file" that can discover running processes, steal passwords, cookies, and files, open a proxy tunnel for the attacker, as well as run scripts retrieved from the attackers' server.

The malicious LNK is the main first-stage payload delivering the IceBreaker malware, while the VBS file is used as a backup, in case the customer support operator is unable to run the shortcut.

Security Joes recommends that companies suspecting a breach with IceBreaker look for shortcut files created in the startup folder and check for unauthorized execution of the open-source tool tsocks.
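
The two checks recommended above can be run over endpoint telemetry. The following is an added example, not code from Security Joes or the original article: the event schema, host names, file names, the allowlists, and the assumption that tsocks runs from a binary named tsocks or tsocks.exe are all hypothetical.

```python
import ntpath
import re

# Standard per-user and all-users Startup folders, matched on lowercased paths.
STARTUP_LNK = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\roaming|programdata)"
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+\.lnk$"
)
# Assumption: the tool is launched from a binary named tsocks or tsocks.exe.
TSOCKS_IMAGE = re.compile(r"^tsocks(\.exe)?$")

STARTUP = r"\Microsoft\Windows\Start Menu\Programs\Startup"
# Constructed sample events (hypothetical schema, hosts and file names).
SAMPLE_EVENTS = [
    {"type": "file_create", "host": "CS-WS-01",
     "path": r"C:\Users\agent1\AppData\Roaming" + STARTUP + r"\updater.lnk"},
    {"type": "file_create", "host": "CS-WS-01",
     "path": r"C:\Users\agent1\Desktop\report.lnk"},
    {"type": "file_create", "host": "CS-WS-02",
     "path": r"C:\ProgramData" + STARTUP + r"\OneDrive.lnk"},
    {"type": "process_create", "host": "CS-WS-01",
     "image": r"C:\Users\agent1\Downloads\tsocks.exe"},
    {"type": "process_create", "host": "NET-ADMIN-01",
     "image": r"C:\Tools\tsocks.exe"},
    {"type": "process_create", "host": "CS-WS-02",
     "image": r"C:\Windows\System32\notepad.exe"},
]

def triage(events, known_lnk=frozenset(), tsocks_hosts=frozenset()):
    """Return (host, finding, artifact) tuples for the two indicators."""
    findings = []
    for ev in events:
        if ev["type"] == "file_create":
            path = ev["path"].lower()
            # Flag any shortcut dropped into a Startup folder unless allowlisted.
            if STARTUP_LNK.match(path) and ntpath.basename(path) not in known_lnk:
                findings.append((ev["host"], "startup_lnk", ev["path"]))
        elif ev["type"] == "process_create":
            name = ntpath.basename(ev["image"]).lower()
            # tsocks is only expected on hosts explicitly approved to run it.
            if TSOCKS_IMAGE.match(name) and ev["host"] not in tsocks_hosts:
                findings.append((ev["host"], "tsocks_exec", ev["image"]))
    return findings

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS, {"onedrive.lnk"}, {"NET-ADMIN-01"}):
        print(hit)
```

Allowlist entries are compared in lowercase, and a host that shows both findings deserves the closest look.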


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-new-icebreaker-malware-to-breach-gaming-companies/