Hackers use new IceBreaker malware to breach gaming companies

News
By published

Not the customers you want to support

An abstract image of digital security.
(Image credit: Shutterstock)

A new malware campaign targeting gaming and gambling companies has been reported and codenamed IceBreaker. 

The attackers contact the customer support section of the companies online to seemingly raise an issue. They attach a 'screenshot' to highlight their 'problem', which contains a backdoor - previously unseen by experts - to hack their endpoint.

The attacks have been reported since September 2022, and although the group behind them remains a mystery, some of their actions - such as requesting to speak to customer service agents in languages other than English - may be clues to their identity. 

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Hiding in a JPEG

Whoever the group is, they appear to be using advanced techniques and have avoiding being exposed so far. 

Israeli cybersecurity firm Security Joes was able to stop three of their attacks after analyzing data from an incident in September 2022, but says the only public recognition of the threat actor was a single tweet from MalwareHunterTeam.

The firm also notes that the attackers have asked to speak to customer service in Spanish, although they were observed conversing in other languages as well. Regardless, Security Joes believes that English is not their first language.

The apparent attached screenshots that they send to these companies contain a LNK file but masquerades as a JPG image file. It retrieves the IceBreaker backdoor, or downloads the well-known Visual Basic Script (VBS) Houdini Rat, which has been around for a decade, from the attacker's server without any user interaction or interface required.

read more

> What is malware and how dangerous is it?


> US warns Chinese hackers have their ‘most advanced’ backdoor yet


> This Roblox Chrome extension had a sneaky security backdoor

The file is complex, compiled JavaScript, which Security Joes says can steal file and passwords, run scripts on the target's system, and open a proxy tunnel between the attacker and victim. Essentially, the backdoor gives the hackers control over the system, and what's more, can allow for further potential penetration within the company's network. 

The download that the LNK file initiates is an MSI payload containing the malware, and is poorly detected by antivirus services - Bleeping Computer reports that out of 60 scans on virus scanning website VirusTotal, the malware was only detected 4 times. 

The decoy files within the malware that feign a legitimate software signature mean that such tools do find anything wrong with it. 

Security Joes' report on IceBreaker contains adivce on how to spot the malware if you suspect it is on your system. Lookout for shortcut files created in the startup folder and opening of the open-source tsocks.exe program.

TOPICS
Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Trojan
Hackers hide malware into website images to go unnoticed
Magnifying glass enlarging the word 'malware' in computer machine code
Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Juniper VPN gateways targeted by stealthy "magic" malware
A white padlock on a dark digital background.
GitHub is hiding malware disguised as games, legitimate software
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Latest in Security
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
3d rendering of a submarine power cable on the seabed
Subsea internet cables can now ‘listen’ for sabotage using irregular pulses of light
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
Latest in News
Garmin Instinct 3
A new Garmin study hints at the link between burning calories and happiness, and I've got good and bad news
A woman sitting in a chair looking at a Windows 11 laptop
Microsoft is supercharging Windows 11’s voice commands on Copilot+ PCs with Snapdragon CPUs, and fine-tuning a few Recall features
MacBook Air M4
Apple's rumored foldable iPad tipped to launch sooner than expected with an exciting software twist
A phone displaying the Google Messages logo
Google Messages could finally be getting this WhatsApp-style group chat feature
The Future Games Show Spring Showcase
The Future Games Show returns this week for its Spring Showcase, here's how to watch and what games to expect
NordProtect logo
Standalone identity theft protection from Nord Security is now available
More about security
Dark Web monitoring

A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
NordProtect logo

Standalone identity theft protection from Nord Security is now available
The Ryzen AI Max+ 395 could power the latest generation of powerful mini PCs

The AMD Ryzen AI Max+ 395 dominates as the "most powerful" APU on the market, but its competition is questionable
See more latest
Most Popular
The Ryzen AI Max+ 395 could power the latest generation of powerful mini PCs
The AMD Ryzen AI Max+ 395 dominates as the "most powerful" APU on the market, but its competition is questionable
Garmin Instinct 3
A new Garmin study hints at the link between burning calories and happiness, and I've got good and bad news
Roku TV on wall in living room setting
Roku tests showing ads before you even reach the home screen, and it's infuriating users
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A phone displaying the Google Messages logo
Google Messages could finally be getting this WhatsApp-style group chat feature
MacBook Air M4
Apple's rumored foldable iPad tipped to launch sooner than expected with an exciting software twist
The Future Games Show Spring Showcase
The Future Games Show returns this week for its Spring Showcase, here's how to watch and what games to expect
Apple iPhone 16 Plus Review
Apple expert just tipped a load of iPhone 17 upgrades: here are 7 things we’ve learned
A woman sitting in a chair looking at a Windows 11 laptop
Microsoft is supercharging Windows 11’s voice commands on Copilot+ PCs with Snapdragon CPUs, and fine-tuning a few Recall features
Nvidia GTC 2024
Nvidia GTC 2025 - all the news and updates from Jensen Huang keynote as it happens