Hackers are targeting gaming and gambling platforms using the Ice Breaker backdoor and social engineering methods.

Ice Breaker Malware Puts Gaming and Gambling Companies at Risk

A malicious campaign stretching back to September 2022 is targeting gaming and gambling platforms using social engineering.

On February 1, 2023, Israeli cybersecurity firm Security Joes published a post on the Ice Breaker malware and the months-long campaign delivering it, which ran in the run-up to ICE 2023, the gaming and gambling industry trade show that brings together thousands of attendees between February 7 and 9, 2023. As you may have guessed, the malware takes its name from the event.

In this social engineering-based attack, the malicious operator impersonates a customer in order to deploy the backdoor.

The Ice Breaker Attack Method Is "Cunning and Wise"


In the Security Joes post, the Ice Breaker threat (tracked as "Ice Breaker APT") is described as "cunning and wise", with the ability to compromise platforms through a backdoor. But first, the operator must persuade the target to open a malicious file: an LNK shortcut, typically delivered inside a ZIP archive. At this point, the attacker is "only steps away from harvesting credentials, open a reverse shell and start the 2nd stage of the attack."

Security Joes listed several indicators of this kind of attack, including a visitor claiming to have trouble logging in despite having no account on the targeted site, and the attacker sending a link to download a "screenshot" of the problem from an external file-hosting site rather than simply attaching an image.
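As an added example (not code from the Security Joes report or from this article), the following Python script turns the delivery chain and the two indicators above into a helpdesk triage check: it flags login complaints from addresses with no account, flags "screenshots" offered as external links instead of attachments, and inspects a downloaded ZIP for shortcut or script droppers hiding behind a double extension. The ticket fields, the account list, the trusted-host list and the sample archive are all constructed here for illustration.

```python
"""Helpdesk triage heuristics for the IceBreaker-style lure.

Added example, not the report's or the article's code. All inputs
(ticket fields, account list, trusted hosts, sample ZIP) are constructed.
"""
import io
import re
import zipfile
from dataclasses import dataclass, field

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)
LOGIN_RE = re.compile(r"\b(log ?in|sign ?in|password|account)\b", re.IGNORECASE)
SCREENSHOT_RE = re.compile(r"\b(screenshot|screen shot|image|picture)\b", re.IGNORECASE)
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso", ".img")
# Extensions Windows will execute or follow when a 'screenshot' is double-clicked.
DROPPER_EXT = (".lnk", ".vbs", ".vbe", ".js", ".jse", ".hta", ".exe", ".msi", ".scr")
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".bmp")


@dataclass
class Ticket:
    """Minimal support-ticket shape (hypothetical; adapt to your helpdesk API)."""
    reporter_email: str
    body: str
    attachments: list = field(default_factory=list)  # filenames attached in the ticket


def _host_of(url):
    m = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage_ticket(ticket, known_accounts, trusted_hosts):
    """Return a list of indicator strings; an empty list means nothing matched."""
    findings = []
    accounts = {a.lower() for a in known_accounts}
    # Indicator 1: a login problem from someone who has no account to log into.
    if LOGIN_RE.search(ticket.body) and ticket.reporter_email.lower() not in accounts:
        findings.append("login problem reported from an address with no account")
    has_image_attachment = any(a.lower().endswith(IMAGE_EXT) for a in ticket.attachments)
    for url in URL_RE.findall(ticket.body):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        if _host_of(url) in trusted_hosts:
            continue
        # Indicator 2a: the 'screenshot' is really an archive on an external host.
        if url.lower().rstrip("/").endswith(ARCHIVE_EXT):
            findings.append(f"external link to an archive: {url}")
        # Indicator 2b: a screenshot is mentioned but offered as a link, not attached.
        elif SCREENSHOT_RE.search(ticket.body) and not has_image_attachment:
            findings.append(f"screenshot offered as external link instead of attachment: {url}")
    return findings


def suspicious_archive_entries(zip_bytes):
    """Names inside a ZIP whose real (last) extension is a shortcut/script/executable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(DROPPER_EXT)]


def build_sample_archive():
    """Constructed sample: a ZIP that claims to hold a screenshot but holds an LNK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # 'L\x00\x00\x00' is the LNK HeaderSize field; the rest is padding, not a real shortcut.
        zf.writestr("screenshot.png.lnk", b"L\x00\x00\x00" + b"\x00" * 16)
        zf.writestr("readme.txt", b"see attached screenshot")
    return buf.getvalue()


if __name__ == "__main__":
    sample = Ticket(
        reporter_email="player123@example.com",
        body="Hi, I cannot log in to my account since yesterday. "
             "I uploaded a screenshot of the error here: https://files.example.net/d/screenshot.zip.",
    )
    for f in triage_ticket(sample, {"alice@example.com"}, {"support.example-casino.com"}):
        print("INDICATOR:", f)
    print("ARCHIVE:", suspicious_archive_entries(build_sample_archive()))
```

The checks are deliberately conservative: a real customer who does have an account and attaches a PNG produces no findings, while the combination of "no account" plus "archive on an external host" is the pattern the report describes and is worth routing to the security team before anyone downloads the link.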

Once the Ice Breaker backdoor is deployed, the attacker can take screenshots of the victim's machine; steal credentials, cookies, and arbitrary files; extend the backdoor's functionality with plugins; run custom VBS scripts on the infected machine; and open remote shell sessions.

The Unique Ice Breaker Method May Help to Identify the Operators

In the aforementioned Security Joes post, the company's Senior Threat Researcher, Felipe Duarte, stated that "Ice Breaker is using a very specific social engineering technique that somewhat sacrifices their identity". Security Joes CEO and malware researcher Ido Naor also stated in the piece that "In the past, threat actors and ransomware groups gave up their location identifiers by making grammar mistakes as they interacted with our experts."

So there are ways in which the true identities of the Ice Breaker operators might be uncovered. Security Joes also told readers that it is "interested in sharing the information [it has] with infosec community and the IT security of the gambling/gaming industry" as ICE 2023 fast approaches.

Security Joes Continues to Investigate Ice Breaker

Security Joes has already stopped a number of Ice Breaker attacks and is continuing to investigate the campaign to identify the operators and shut it down altogether. Hopefully the firm will succeed, and ICE 2023 will go ahead without any cybersecurity incidents.