On February 1, 2022, Israeli cyber security company Security Joes issued an article about the Ice Breaker backdoor. According to the article, researchers observed that hackers have been targeting online gaming and gambling companies with a backdoor named Ice Breaker. The only publicly available evidence of the Ice Breaker threat found so far is a tweet from Malware Hunter Team in October, which is shown below.
The Ice Breaker attack
Once the Ice Breaker backdoor has been installed on the target’s device, the attacker can initiate remote shell sessions, take screenshots of the victim’s computer, steal cookies, credentials, and arbitrary files, customize the threat by using plug-ins, and run custom VBS scripts on the compromised machine.
Indicators of the attack
In this kind of attack, the visitor has no account on the targeted site yet claims to have trouble logging in. Another indicator is that the attacker sends a link to download a screenshot of the problem from an external website, rather than simply attaching an image. The group behind these attacks remains unknown.
The conversations between Ice Breaker and support agents show that the Ice Breaker operator is not a native English speaker and deliberately asks to speak with Spanish-speaking agents.
Delivering the backdoor
To deploy the backdoor, the threat actor contacts the target company’s customer service pretending to be a user who is having trouble signing in or enrolling with the online service.
The attackers persuade the customer service representative to download a picture that supposedly explains the issue better than they can in words. Researchers say the image is typically hosted on a bogus website impersonating a reputable provider, although it has also been seen delivered via Dropbox storage.
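The indicators listed above (a login complaint from a visitor with no account, a "screenshot" offered as an external download instead of an attachment, and a download host that is a file-sharing service or an unrecognised domain) can be turned into a simple triage heuristic for support-desk conversations. The script below is an added illustration and is not code from Security Joes or from the article; the ticket records, the customer list, the allowlisted attachment domain and the scoring weights are all constructed assumptions for the example.

```python
"""
Support-ticket triage heuristic for the Ice Breaker lure pattern.
Added example; not code from the article or from Security Joes.
All hosts, addresses and weights below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Host from which the ticketing system serves genuine inline attachments.
# Constructed allowlist: replace with your own attachment domain.
TRUSTED_IMAGE_HOSTS = {"attachments.example-support.com"}

# Public file-sharing hosts the article names as an alternative delivery channel.
FILE_SHARING_HOSTS = {"dropbox.com", "www.dropbox.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
LOGIN_TROUBLE_RE = re.compile(r"\b(log ?in|sign ?in|enrol+|regist)", re.IGNORECASE)
IMAGE_WORD_RE = re.compile(r"\b(screenshot|screen shot|image|picture|photo)\b", re.IGNORECASE)


@dataclass
class Ticket:
    sender: str                                       # address the visitor gave the agent
    message: str                                      # free-text body of the chat
    attachments: list = field(default_factory=list)   # files actually uploaded in-band


def external_links(ticket):
    """URLs in the message whose host is not the ticketing system's own attachment host."""
    links = []
    for url in URL_RE.findall(ticket.message):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_IMAGE_HOSTS:
            links.append((url, host))
    return links


def score_ticket(ticket, known_customers):
    """Return (score, reasons) for one conversation; higher means more lure-like.

    Each reason maps to one indicator from the article. The weights are
    constructed for this example, not taken from the article.
    """
    score, reasons = 0, []

    # Indicator 1: login/enrolment trouble claimed by someone with no account on record.
    if LOGIN_TROUBLE_RE.search(ticket.message) and ticket.sender.lower() not in known_customers:
        score += 2
        reasons.append("login/enrolment trouble claimed by a sender with no account on record")

    # Indicator 2: a 'screenshot' offered as an external download rather than attached.
    links = external_links(ticket)
    if links and IMAGE_WORD_RE.search(ticket.message) and not ticket.attachments:
        score += 2
        reasons.append("'screenshot' offered as an external download instead of an attachment")

    # Indicator 3: the download sits on a file-sharing site or an unrecognised domain.
    for _url, host in links:
        if host in FILE_SHARING_HOSTS:
            score += 1
            reasons.append(f"file-sharing host used for the download: {host}")
        else:
            score += 1
            reasons.append(f"download host not on the allowlist: {host}")

    return score, reasons


# Constructed sample conversations; the addresses and domains are invented.
KNOWN_CUSTOMERS = {"alice@example.org"}

SAMPLE_TICKETS = [
    Ticket("alice@example.org",
           "I can't log in since yesterday, screenshot attached.",
           attachments=["error.png"]),
    Ticket("newuser@example.net",
           "I cannot sign in to my account. Please download the screenshot of the error here: "
           "https://cdn-example-provider.net/screenshot.zip"),
    Ticket("visitor@example.net",
           "Having trouble registering, see the picture: https://www.dropbox.com/s/abc123/error.png"),
]


def triage(tickets=SAMPLE_TICKETS, known_customers=KNOWN_CUSTOMERS, threshold=4):
    """Return (sender, score, reasons) for every ticket scoring at or above the threshold."""
    flagged = []
    for t in tickets:
        score, reasons = score_ticket(t, known_customers)
        if score >= threshold:
            flagged.append((t.sender, score, reasons))
    return flagged


if __name__ == "__main__":
    for sender, score, reasons in triage():
        print(f"{sender}: score {score}")
        for r in reasons:
            print("  -", r)
```

Running the block flags the second and third constructed tickets (score 5 each) and leaves the genuine one at 0. The heuristic is meant to route a conversation to a second reviewer, not to block it: the account lookup is the strongest signal, and a support desk can enforce the underlying control directly by only accepting images uploaded through its own ticketing system rather than fetched from links.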