Tag: TerraStealerV2

  • Golden Chickens Malware Developments: New Threats Emerge with TerraStealerV2 and TerraLogger

    The notorious hacking group, known as Golden Chickens, has been linked to the recent emergence of two sophisticated malware families named TerraStealerV2 and TerraLogger. These developments indicate an ongoing refinement and diversification of the group’s malware arsenal, which has raised concerns among cybersecurity experts.

    The Recorded Future Insikt Group identified TerraStealerV2 as a tool crafted to harvest sensitive data such as browser credentials, cryptocurrency wallet information, and details pertaining to browser extensions. TerraLogger, by contrast, operates as a standalone keylogger that uses a low-level keyboard hook to record keystrokes and store the logs in local files.

    Golden Chickens, also known by the alias Venom Spider, is a financially motivated group active since at least 2018 and known for its malware-as-a-service (MaaS) model. The activity has recently been attributed to an online persona known as badbullzvenom, and individuals from Canada and Romania are believed to be behind it.

    Building on previous reports, including findings from Zscaler ThreatLabz, the current iterations of Golden Chickens’ malware show continued work to enhance its capabilities. TerraStealerV2 is reported to be distributed in various formats, including executable files (EXE) and Windows Installer packages (MSI), with the payload delivered as an OCX file retrieved from the external domain “wetransfers.io”.

    TerraStealerV2 exfiltrates the captured data to both Telegram and the aforementioned domain, and it uses trusted Windows utilities to evade detection. Although designed to collect valuable data, it does not appear to bypass new application protections. This suggests that the malware code may still be in development, as it has not kept pace with updates to security features.

    Golden Chickens’ continued innovation coincides with the rise of other stealer malware variants such as Hannibal Stealer and Gremlin Stealer, compelling experts to remain vigilant against the growing threat posed by these evolving malware families.