Ethical Hacking News Hubb

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service



Jan 27, 2023Ravie LakshmananThreat Response / Cyber Crime

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona “badbullzvenom.”

eSentire’s Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it “found multiple mentions of the badbullzvenom account being shared between two people.”

The second threat actor, known as Frapstar, is said to identify themselves as “Chuck from Montreal,” enabling the cybersecurity firm to piece together the criminal actor’s digital footprint.

This includes his real name, pictures, home address, the names of his parents, siblings, and friends, along with his social media accounts and his interests. He is also said to be the sole proprietor of a small business that’s run from his own home.

Golden Chickens, also known as Venom Spider, is a malware-as-a-service (MaaS) provider that’s linked to a variety of tools such as Taurus Builder, software to create malicious documents; and More_eggs, a JavaScript downloader that’s used to serve additional payloads.

The threat actor’s cyber arsenal has been put to use by other prominent cybercriminal groups like Cobalt Group (aka Cobalt Gang), Evilnum, and FIN6, all of which are estimated to have collectively caused losses totaling $1.5 billion.


Past More_eggs campaigns, some dating back to 2017, have involved spear-phishing business professionals on LinkedIn with bogus job offers that give threat actors remote control over the victim’s machine, leveraging it to harvest information or deploy more malware.

Last year, in a reversal of sorts, the same tactics were employed to strike corporate hiring managers with resumes laden with malware as an infection vector.

The earliest documented record of Frapstar’s activity goes back to May 2015, when Trend Micro described the individual as a “lone criminal” and a luxury car enthusiast.

“‘Chuck,’ who uses multiple aliases for his underground forum, social media, and Jabber accounts, and the threat actor claiming to be from Moldova, have gone to great lengths to disguise themselves,” eSentire researchers Joe Stewart and Keegan Keplinger said.

“They have also taken great pains to obfuscate the Golden Chickens malware, trying to make it undetectable by most AV companies, and limiting customers to using Golden Chickens for ONLY targeted attacks.”

It’s suspected that Chuck is one of the two threat actors operating the badbullzvenom account on the Exploit.in underground forum, with the other party possibly located in Moldova or Romania, eSentire noted.

The Canadian cybersecurity company said it further uncovered a new attack campaign targeting e-commerce companies, tricking recruiters into downloading a rogue Windows shortcut file from a website that masquerades as a resume.

The shortcut, a malware dubbed VenomLNK, serves as an initial access vector to drop More_eggs or TerraLoader, which subsequently acts as a conduit to deploy different modules, namely TerraRecon (for victim profiling), TerraStealer (for information theft), and TerraCrypt (for ransomware extortion).
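For defenders, the delivery described above (a Windows shortcut presented as a resume) can be triaged by file content rather than by displayed name. The following is an added example, not code from eSentire or the original article; the lure keywords, file names, and sample bytes are constructed assumptions, while the header constants come from the public Shell Link (.lnk) file format.

```python
import struct

# Shell Link (.lnk) header constants from the public MS-SHLLINK format.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: shortcut passes a command line to its target
# Hypothetical lure keywords (assumption); tune to what recruiters actually receive.
LURE_WORDS = ("resume", "curriculum", "application")

def is_shell_link(data: bytes) -> bool:
    """True if the bytes start with a valid Shell Link header."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID

def triage(filename: str, data: bytes) -> dict:
    """Classify one downloaded file by content, not by its displayed name."""
    if not is_shell_link(data):
        return {"file": filename, "verdict": "not-a-shortcut", "reasons": []}
    (flags,) = struct.unpack_from("<I", data, 20)
    reasons = ["content is a Windows shortcut"]
    lowered = filename.lower()
    if any(word in lowered for word in LURE_WORDS):
        reasons.append("name looks like a job-application document")
    if not lowered.endswith(".lnk"):
        reasons.append("extension does not match content")
    if flags & HAS_ARGUMENTS:
        reasons.append("shortcut carries command-line arguments")
    # A plain shortcut with no other signal is reported but not escalated.
    verdict = "suspicious" if len(reasons) > 1 else "shortcut"
    return {"file": filename, "verdict": verdict, "reasons": reasons}

def _constructed_lnk(flags: int) -> bytes:
    """Build a minimal 76-byte header for the demo (constructed sample)."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    return header + struct.pack("<I", flags) + bytes(52)

# Constructed samples: names and contents are made up for this example.
SAMPLES = [
    ("Jane_Doe_Resume.pdf.lnk", _constructed_lnk(0x21)),
    ("Jane_Doe_Resume.pdf", b"%PDF-1.7\n" + bytes(80)),
    ("Notepad.lnk", _constructed_lnk(0x01)),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(triage(name, blob))
```
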

“The malware suite is still actively being developed and is being sold to other threat actors,” the researchers concluded, urging organizations to be on the lookout for potential phishing attempts.
