Stealing, accessing and selling: iGaming cybersecurity
Eve Goode
In this article, Evgeny Zaretskov, Group Chief Information Security Officer, SOFTSWISS, addresses how iGaming operators are being robbed and why they are the prime targets for infostealers.
Accessing and stealing credentials
Imagine this: Your back-office admin account, the keys to your iGaming kingdom, sold for a mere $10 on a dark web forum.
The buyer? A cyber-criminal who didn’t need to breach your network — they simply purchased your credentials from an infostealer log leaked weeks ago.
This isn’t a hypothetical scenario but a growing reality in today’s digital landscape.
According to the Check Point Cyber Security Report 2025, 90% of breached companies had previous corporate credentials leaked in a stealer log, which is a stark reminder that once login details fall into the wrong hands, attackers gain an easy foothold.
For online casinos, sports betting platforms and other digital gambling entities, the threat isn’t just about stolen player data; it’s about cyber-criminals gaining control over the very systems that power your operations.
The silent threat on every device
Infostealers are stealthy malware programs designed to exfiltrate sensitive data from infected endpoints — laptops, desktops or mobile devices.
Unlike ransomware, which often announces itself with file encryption and demands for payment, infostealers operate discreetly.
They focus on:
- Privileged credentials: Usernames, passwords and cryptocurrency wallet data stored on compromised devices
- Browser artifacts and session cookies: Saved logins, authentication tokens and cookies that can yield direct access to back-office or management dashboards
- Local files and configuration data: Screenshots, system logs or confidential documents that reveal network architectures and critical server details
Once harvested, these “digital keys” are often sold on dark web marketplaces or used immediately to breach corporate networks, posing a significant threat to iGaming operators who rely on continuous uptime and uncompromised trust.
Why are iGaming operators prime targets?
Historically, cybersecurity efforts in the iGaming sector have centred on safeguarding player information and payment transactions.
However, modern infostealer campaigns now set their sights on core back-office infrastructure.
A single compromised device, whether it be a personal laptop used for remote admin tasks or an unsecured corporate endpoint, can lead to:
Unauthorized privileged application access
- Attackers can gain direct control over administrative interfaces, manipulate odds, siphon funds, or disrupt live games
- With privileged credentials, they effectively become “insiders,” potentially accessing everything from back-office casino portals to payment systems
Operational downtime and ransomware threats
- Using stolen credentials, intruders can deploy secondary malware that halts critical services or even encrypts entire production environments, demanding a ransom to restore operations
- Every minute of downtime costs operators significant revenue and can permanently scar their reputation
Exploiting crypto payment integrations
- Many iGaming operators now allow cryptocurrency deposits and withdrawals for speed and convenience
- While these gateways can enhance user experience, they also create new attack vectors
- Once infostealers grant criminals privileged access, bad actors can directly tap into crypto pay-out modules — funnelling funds to external wallets in near real-time
- Because blockchain transactions are decentralized and harder to trace or reverse, these illicit transfers often vanish without leaving much of a trail, making iGaming operators an enticing target for swift, untraceable profit
Damage to trust
- Even a brief intrusion erodes player confidence and invites regulatory scrutiny
- In a highly competitive market like iGaming, trust and brand integrity are paramount for sustaining user loyalty