January 27, 2023Rabbi LakshmananThreat Response / Cyber ​​Crime

Cybersecurity researchers have discovered the real-world identity of the threat actor behind it golden chicken Malware-as-a-service using the online persona “badbullzvenom”.

eSentire’s Threat Response Unit (TRU) is an in-depth report published after a 16-month investigation, Said “We found multiple mentions of the badbullzvenom account being shared by two people.”

A second threat actor, known as Frapstar, is said to call itself “Chuck of Montreal” to help cybersecurity firms piece together the digital footprints of criminals.

This includes his real name, picture, home address, names of his parents, siblings, friends, social media accounts and interests. He is also said to be a sole proprietor of a small business he runs from his home.

Also called golden chicken Venom Spideris a malware-as-a-service (MaaS) provider that has been linked to various tools such as Taurus Builder, a software that creates malicious documents. More_eggs is a JavaScript downloader used to deliver additional payloads.

The threat actor’s cyberweapon has been used by other prominent cybercriminal groups such as: cobalt group (aka Cobalt Gang), Evilnum, and FIN6, all of which are estimated to have caused $1.5 billion in combined losses.

Golden Chickens Malware Service

Some of the past More_eggs campaigns Dating back to 2017was involved spear fishing business professionals On LinkedIn, it provides fake job postings that allow threat actors to remotely control a victim’s machine, which it uses to gather information and even deploy malware.

Last year, in a reversal of sorts, the same tactic was employed, with corporate recruiters being attacked with résumés that contained malware as an infection vector.

The earliest record of Frapster activity dates back to May 2015 by Trend Micro. explained Individuals as “lone criminals” and luxury car enthusiasts.

“Using multiple aliases for underground forums, social media, and Jabber accounts, ‘Chuck’ and threat actors claiming to be from Moldova have gone to great lengths to disguise themselves,” said eSentire. researchers Joe Stewart and Keegan Keplinger said.

“They also went to great lengths to obfuscate the Golden Chickens malware, making it undetectable by most AV companies and restricting customers to using Golden Chickens for targeted attacks only.”

Chuck is suspected to be one of two threat actors operating the badbullzvenom account on the Exploit.in underground forum, possibly in Moldova or Romania, eSentire points out .

A Canadian cybersecurity firm said it had uncovered yet another new attack campaign targeting e-commerce companies, tricking recruiters into downloading malicious Windows shortcut files from websites masquerading as resumes.

Shortcut, a malware called VenomLNK, acts as an initial access vector to drop More_eggs or TerraLoader, which is then followed by TerraRecon (for victim profiling), TerraStealer (for information stealing) and TerraCrypt (for victim profiling). It acts as a conduit for deploying various modules. ransomware extortion).

“This malware suite is still in active development and is being sold to other threat actors,” the researchers conclude, urging organizations to be on the lookout for potential phishing attacks.

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog