Hackers use new IceBreaker malware to breach gaming companies

Not the customers you want to support

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A newmalwarecampaign targeting gaming and gambling companies has been reported and codenamed IceBreaker.

The attackers contact the customer support section of the companies online to seemingly raise an issue. They attach a ‘screenshot’ to highlight their ‘problem’, which contains a backdoor - previously unseen by experts - to hack theirendpoint.

The attacks have been reported since September 2022, and although the group behind them remains a mystery, some of their actions - such as requesting to speak to customer service agents in languages other than English - may be clues to their identity.

TechRadar Pro needs you!We want to build a better website for our readers, and we need your help! You can do your bit by filling outour surveyand telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Hiding in a JPEG

Whoever the group is, they appear to be using advanced techniques and have avoiding being exposed so far.

Israeli cybersecurity firm Security Joes was able to stop three of their attacks after analyzing data from an incident in September 2022, but says the only public recognition of the threat actor was asingle tweet from MalwareHunterTeam.

The firm also notes that the attackers have asked to speak to customer service in Spanish, although they were observed conversing in other languages as well. Regardless, Security Joes believes that English is not their first language.

The apparent attached screenshots that they send to these companies contain a LNK file but masquerades as a JPG image file. It retrieves the IceBreaker backdoor, or downloads the well-known Visual Basic Script (VBS) Houdini Rat, which has been around for a decade, from the attacker’s server without any user interaction or interface required.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

What is malware and how dangerous is it?

US warns Chinese hackers have their ‘most advanced’ backdoor yet

This Roblox Chrome extension had a sneaky security backdoor

The file is complex, compiled JavaScript, which Security Joes says can steal file and passwords, run scripts on the target’s system, and open a proxy tunnel between the attacker and victim. Essentially, the backdoor gives the hackers control over the system, and what’s more, can allow for further potential penetration within the company’s network.

The download that the LNK file initiates is anMSIpayload containing the malware, and is poorly detected byantivirusservices - Bleeping Computer reports that out of 60 scans on virus scanning website VirusTotal, the malware was only detected 4 times.

The decoy files within the malware that feign a legitimate software signature mean that such tools do find anything wrong with it.

Security Joes' report on IceBreakercontains adivce on how to spot the malware if you suspect it is on your system. Lookout for shortcut files created in the startup folder and opening of the open-source tsocks.exe program.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success