It has been revealed who is behind the Golden Chickens malware service


Cybersecurity researchers have discovered the real identity of the threat actor behind the Golden Chickens malware-as-a-service, who goes by the online persona badbullzvenom.

In an exhaustive report released after a 16-month investigation, the eSentire Threat Response Unit (TRU) wrote that they “found multiple mentions of the badbullzvenom account being shared between two individuals.” The second threat element, known as Frapstar, reportedly identified itself as “Chuck from Montreal,” allowing the cybersecurity firm to piece together the criminal’s digital footprint.

This includes his real name, pictures, address, the names of his parents, siblings and friends, as well as his social media accounts and interests. He is also said to be the sole owner of a small business that he runs from his home.

Golden Chickens, also known as Venom Spider, is a malware-as-a-service (MaaS) provider associated with several tools, such as Taurus Builder, a malicious document creation software, and More_eggs, a JavaScript downloader that is used to deliver additional payloads.

The threat actor’s cyber arsenal has also been deployed by other prominent cybercriminal groups such as the Cobalt Group (aka the Cobalt Gang), Evilnum and FIN6, which have collectively caused an estimated $1.5 billion in damage.

Previous More_eggs campaigns, some of which date back to 2017, involved spearphishing business professionals on LinkedIn with fake job postings, allowing the threat actors to gain remote control of the victim’s machine and use it to gather information or install further malware.

Last year, in a twist of sorts, corporate hiring managers were attacked with the same tactic, using malware-laden resumes as an infection vector.

The earliest documented record of Frapstar’s activity dates back to May 2015, when Trend Micro described him as a “lone criminal” and luxury car enthusiast. “Chuck, who uses multiple aliases for his underground forums, social media and Jabber accounts, and the threat actor claiming to be of Moldovan origin have gone to great lengths to disguise themselves,” said eSentire researchers Joe Stewart and Keegan Keplinger. “They also took great care to obfuscate the Golden Chickens malware, trying to make it undetectable to most AV companies and restricting customers to use Golden Chickens ONLY for targeted attacks,” they wrote.

Chuck is suspected to be one of two threat actors operating the badbullzvenom account on the Exploit.in underground forum, with the other party possibly located in Moldova or Romania, eSentire noted.

The Canadian cybersecurity company also said it has discovered a new attack campaign targeting e-commerce companies that tricks recruiters into downloading a fake Windows script from a website disguised as a resume.

The shortcut, a malware called VenomLNK, serves as an initial access vector to drop More_eggs or TerraLoader, which then proceeds to install various modules. These include TerraRecon (for victim profiling), TerraStealer (for information theft) and TerraCrypt (ransomware used for extortion).

“The malware package is still being actively developed and marketed to other threat actors,” noted the researchers, who urge organizations to be alert to potential phishing attempts. The findings were reported by The Hacker News.
