BLOG

ChattyGoblin: A new threat to iGaming and how C8 Secure, can help

Craig Lusher, Senior Product Specialist – Secure, Continent 8 Technologies

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021. The threat actors, backed by China, have been using chatbots to target customer support agents of these companies. This article will discuss the ChattyGoblin threat in detail and highlight how Continent 8 and C8 Secure’s products and services can help protect our customers in the iGaming industry.

The ChattyGoblin campaign was first identified by researchers at ESET. The threat actors primarily rely on Comm100 (first identified by CrowdStrike) and LiveHelp apps to carry out their attacks. In one particular attack in March 2023, a chatbot was used to target a gambling company in the Philippines. The initial dropper deployed by the attackers was written in C#, named agentupdate_plugins.exe, and was downloaded by the LiveHelp100 chat application. The dropper deploys a second executable based on the SharpUnhooker tool, which then downloads the ChattyGoblin attack’s second stage, stored in a password-protected ZIP archive. The final payload is a Cobalt Strike beacon using duckducklive[.]top as its C&C server.

The ChattyGoblin campaign is a clear example of the evolving threat landscape in the Asian iGaming industry. As the industry changes and evolves in the region, so do the motives and techniques of threat actors. This is where our products and services come into play.

We offer a range of cybersecurity solutions that can help protect our customers from threats like ChattyGoblin. Our Security Operations Center (SOC) and Security Information and Event Management (SIEM) services provide round-the-clock monitoring and threat detection. By continuously monitoring network traffic and analysing event data, our SOC/SIEM services can identify suspicious activities and respond to threats in real-time, thereby preventing or minimising damage.

In addition to our SOC/SIEM services, our Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services provide comprehensive protection for endpoints. These services can detect and respond to threats on endpoints, such as workstations and servers, where the ChattyGoblin attack initiates. By monitoring endpoints and responding to threats quickly, we can prevent the initial dropper from deploying and stop the attack in its track and before it moves laterally.

Furthermore, our Web Application and API Protection (WAAP) service can protect web applications and APIs, which are often targeted in attacks like ChattyGoblin. By protecting these critical assets, we can prevent threat actors from exploiting vulnerabilities and gaining access to our customers’ systems.

The ChattyGoblin campaign and other similar Artificial Intelligence (AI) based attacks represent a significant threat to the iGaming industry. However, with the right security measures in place, this threat can be effectively managed. At Continent 8, we are committed to providing our customers with the highest level of protection. Our SOC/SIEM, EDR/MDR, and WAAP services are designed to detect and respond to threats quickly and effectively, ensuring our customers can operate safely and securely.

As we continue to navigate the evolving threat landscape, it is essential to stay ahead of the curve. This requires not only robust security measures but also a commitment to continuous learning and adaptation.

At Continent 8 and through C8 Secure we are dedicated to staying at the forefront of cybersecurity trends and threats, ensuring we can provide customers in the iGaming industry with the most effective and up-to-date protection. As part of this commitment, we will continue to monitor and analyse threats like ChattyGoblin, adapting our services as necessary to provide the best possible protection for our customers.

Securing a decentralized future: The importance of cybersecurity in Web3

7 Jun, 2023

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.