A new attack campaign has targeted the gaming and gambling sector since at least September 2022. The ICE London 2023 gaming industry trade show is scheduled for next week.
The attack sequence proceeds as follows. The attacker poses as a customer and starts a conversation with a support agent on the gaming website, then prompts the agent to open a screenshot image hosted on Dropbox.
Security Joes said the attacker is “fully aware of the fact that customer service is run by humans.”
Clicking the malicious link sent in the chat retrieves an LNK payload or, as a backup option, a VBScript file. The VBScript file is configured to download and run an MSI package containing a Node.js implant.
If the victim executes the VBS downloader, the infection eventually leads to Houdini, a VBS-based remote access trojan dating back to 2013.
The attacker’s origin is currently unknown, but they have been observed using broken English while conversing with a customer service agent. Some of the indicators of compromise (IOCs) associated with the campaign were previously shared by MalwareHunterTeam in October 2022.
Felipe Duarte, senior threat researcher at Security Joes, said: