Malicious Chatbots Target Casinos in Southeast Asia

  /     /     /  
Publicated : 23/11/2024   Category : security


Malicious Chatbots Target Casinos in Southeast Asia


Dubbed ChattyGoblin, the China-backed actors use chatbots to scam Southeast Asian gambling companies.



A campaign dating back to October 2021 has turned its attention toward Southeast Asian gambling operations with a sneaky new tactic — targeting customer support agents with chatbots.
Researchers at ESET dubbed the campaign ChattyGoblin and traced it back to threat groups backed by China. ESET added that the threat actors rely primarily on Comm100 — which was first observed and documented by CrowdStrike — and LiveHelp apps.
ESET outlined one particular
ChattyGoblin attack
last March that used a
chatbot
to target a gambling company in the Philippines.
Written in C#, the initial dropper deployed by the attackers is named agentupdate_plugins.exe and was downloaded by the LiveHelp100 chat application, ESET noted. The dropper deploys a second C# executable based on the SharpUnhooker tool.
The SharpUnhooker tool then downloaded the ChattyGoblin attacks second stage, stored in a password-protected ZIP archive, ESET added.
The final payload is a Cobalt Strike beacon using duckducklive[.]top as its C&C server.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Malicious Chatbots Target Casinos in Southeast Asia