Hackers use new IceBreaker malware to breach gaming companies (Security News, February 2023)
Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker.
Researchers at incident response firm Security Joes believe that the IceBreaker backdoor is the work of a new advanced threat actor that uses "a very specific social engineering technique," which could lead to a clearer picture of who they are.
The links delivered this way lead to a ZIP archive containing a malicious LNK file that fetches the IceBreaker backdoor, or a Visual Basic Script that downloads the Houdini RAT, which has been active since at least 2013.
Security Joes researchers say that the downloaded malware is "a highly complex compiled JavaScript file" that can discover running processes, steal passwords, cookies, and files, open a proxy tunnel for the attacker, as well as run scripts retrieved from the attackers' server.
The malicious LNK is the main first-stage payload delivering the IceBreaker malware, while the VBS file is used as a backup, in case the customer support operator is unable to run the shortcut.
Security Joes recommends that companies suspecting an IceBreaker breach look for shortcut files created in the Startup folder and check for unauthorized execution of the open-source tool tsocks.
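A starting point for the two checks Security Joes recommends, written as an added example here rather than taken from the report: it lists the shortcuts in both Windows Startup folders, resolves each shortcut's target, and flags targets that are script hosts. The list of script hosts and the flagging heuristic are assumptions of this example, not indicators from the report.

```powershell
# Added example (not from the Security Joes report): triage .lnk persistence in
# the per-user and all-users Startup folders, then look for a running tsocks.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Script hosts often used to launch downloader stages. Treating a shortcut whose
# target resolves to one of these as "worth a closer look" is an assumption of
# this example; review every entry, flagged or not.
$scriptHosts = @('wscript.exe', 'cscript.exe', 'powershell.exe', 'mshta.exe', 'cmd.exe')

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # WScript.Shell resolves the shortcut so we see what it actually launches
            $lnk = $shell.CreateShortcut($_.FullName)
            $targetName = [System.IO.Path]::GetFileName($lnk.TargetPath).ToLowerInvariant()
            [PSCustomObject]@{
                Shortcut   = $_.FullName
                Created    = $_.CreationTime
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                Suspicious = ($scriptHosts -contains $targetName)
            }
        }
}

# Newest shortcuts first: a recent creation time in Startup is the detail the
# report singles out.
$findings | Sort-Object Created -Descending | Format-Table -AutoSize

# Second check from the report: is the tsocks proxy tool currently running?
Get-Process -Name 'tsocks*' -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path
```

Run it in an elevated session so the all-users Startup folder and other users' processes are readable; a flagged entry is a prompt to inspect the shortcut's target and arguments, not a verdict.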