A campaign dating back to October 2021 has turned its attention toward Southeast Asian gambling operations with a sneaky new tactic — targeting customer support agents with chatbots.
Researchers at ESET dubbed the campaign “ChattyGoblin” and traced it back to threat groups backed by China. ESET added that the threat actors rely primarily on the Comm100 and LiveHelp chat apps; the use of Comm100 was first observed and documented by CrowdStrike.
ESET outlined one particular ChattyGoblin attack last March that used a chatbot to target a gambling company in the Philippines.
“Written in C#, the initial dropper deployed by the attackers is named agentupdate_plugins.exe and was downloaded by the LiveHelp100 chat application,” ESET noted. “The dropper deploys a second C# executable based on the SharpUnhooker tool.”
That SharpUnhooker-based executable then downloaded the ChattyGoblin attack’s second stage, stored in a password-protected ZIP archive, ESET added.
“The final payload is a Cobalt Strike beacon using duckducklive[.]top as its C&C server.”
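The indicators ESET describes can be turned into a hunt over endpoint and DNS telemetry. The Python below is an added example, not code from ESET or the article; it flags the dropper file name, a chat-client parent process, and lookups of the C&C domain. The event field names, the `livehelp`/`comm100` path substrings, and the sample hosts and paths are assumptions.

```python
import json
# Indicators quoted in the article (ESET's description of the attack).
DROPPER_NAME = "agentupdate_plugins.exe"
C2_DOMAIN = "duckducklive.top"  # refanged from duckducklive[.]top
# Assumption: substrings expected in the chat client's image path.
CHAT_APP_HINTS = ("livehelp", "comm100")

def refang(name):  # normalise a defanged, mixed-case or FQDN-style hostname
    return name.replace("[.]", ".").strip().rstrip(".").lower()

def basename(path):  # last component of a Windows or POSIX path, lower-cased
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(event):
    """Return a finding label for one telemetry event, or None."""
    kind = event.get("type")
    if kind == "process_create" and basename(event.get("image", "")) == DROPPER_NAME:
        parent = event.get("parent_image", "").lower()
        from_chat = any(hint in parent for hint in CHAT_APP_HINTS)
        return "dropper_spawned_by_chat_app" if from_chat else "dropper_name_seen"
    if kind == "dns_query":
        q = refang(event.get("query", ""))
        # Match the apex and any subdomain, but not look-alike names.
        if q == C2_DOMAIN or q.endswith("." + C2_DOMAIN):
            return "c2_domain_lookup"
    return None

def hunt(lines):
    """Scan JSON-lines telemetry; return (host, finding) pairs in order."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        label = classify(event) if isinstance(event, dict) else None
        if label:
            findings.append((event.get("host", "?"), label))
    return findings

# Constructed sample telemetry (field names and values are assumptions).
SAMPLE = [
    r'{"type":"process_create","host":"cs-07","image":"C:\\Users\\a\\agentupdate_plugins.exe","parent_image":"C:\\Program Files\\LiveHelp100\\chat.exe"}',
    r'{"type":"process_create","host":"cs-09","image":"C:\\Temp\\AgentUpdate_Plugins.exe","parent_image":"C:\\Windows\\explorer.exe"}',
    r'{"type":"dns_query","host":"cs-07","query":"Beacon.DuckDuckLive.top."}',
    r'{"type":"dns_query","host":"cs-11","query":"notduckducklive.top"}',
    r'{"type":"dns_query",',
]
if __name__ == "__main__":
    print(hunt(SAMPLE))
```

A file-name match alone is weak evidence, which is why the parent-process case is labelled separately from a bare name hit.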
- Source: https://www.darkreading.com/threat-intelligence/malicious-chatbots-target-casinos