Malware-as-a-service operation Golden Chickens, also known as Venom Spider, has updated its attack arsenal with the new TerraStealerV2 and TerraLogger information-stealing malware strains, Cybernews reports.
Attacks involving TerraStealerV2 target Google Chrome's "Login Data" database to compromise browser-stored credentials and extension details, which are then exfiltrated via Telegram and the wetransfers[.]io file transfer domain, according to an analysis from Recorded Future's Insikt Group. Although it maintains stealth by abusing the regsvr32.exe and mshta.exe utilities, TerraStealerV2 cannot circumvent Chrome's Application Bound Encryption feature. The TerraLogger module, on the other hand, facilitates keystroke logging, but its lack of other components suggests that it is meant to be used alongside other tools. The development highlights the continued activity of Golden Chickens, which has already created the VenomLNK initial access tool, the more_eggs and lite_more_eggs backdoors, the TerraRecon and TerraWiper payloads, the TerraLoader malware loader, and the TerraTV tool for TeamViewer session compromise.
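The behaviours reported above can be turned into endpoint detection logic. The following is an added example, not code from Insikt Group or Cybernews: it correlates a non-browser read of Chrome's "Login Data" file with a later connection to an exfiltration host from the same process, and flags regsvr32.exe or mshta.exe making network connections. The event schema, the `api.telegram.org` hostname and the 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

LOLBINS = {"regsvr32.exe", "mshta.exe"}   # utilities named in the report
BROWSERS = {"chrome.exe"}                 # expected reader of "Login Data"
EXFIL_HOSTS = ("wetransfers.io", "api.telegram.org")  # 2nd host is an assumption
WINDOW = timedelta(minutes=10)            # assumed correlation window

def base(image):
    return PureWindowsPath(image).name.lower()

def is_login_data(path):
    p = PureWindowsPath(path)
    return p.name.lower() == "login data" and "chrome" in str(p).lower()

def is_exfil(host):
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in EXFIL_HOSTS)

def detect(events):
    findings, reads = [], {}  # reads: (host, pid) -> time of non-browser read
    for e in sorted(events, key=lambda item: item["ts"]):
        key, img = (e["host"], e["pid"]), base(e["image"])
        if e["type"] == "file_read":
            if is_login_data(e["target"]) and img not in BROWSERS:
                reads[key] = e["ts"]
                findings.append(("credential_store_read", e["host"], img))
        elif e["type"] == "net_conn":
            if img in LOLBINS:
                findings.append(("lolbin_network", e["host"], img))
            if is_exfil(e["target"]) and key in reads and e["ts"] - reads[key] <= WINDOW:
                findings.append(("read_then_exfil", e["host"], img))
    return findings

def ev(ts, host, pid, image, kind, target):
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": pid,
            "image": image, "type": kind, "target": target}

LOGIN = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
REGSVR = r"C:\Windows\System32\regsvr32.exe"
# Constructed sample telemetry, not taken from the report.
SAMPLE = [
    ev("2025-01-01T10:00:00", "WS1", 100, CHROME, "file_read", LOGIN),
    ev("2025-01-01T10:00:05", "WS1", 200, REGSVR, "file_read", LOGIN),
    ev("2025-01-01T10:01:00", "WS1", 200, REGSVR, "net_conn", "wetransfers.io"),
    ev("2025-01-01T10:02:00", "WS2", 300, r"C:\Windows\System32\mshta.exe", "net_conn", "example.com"),
    ev("2025-01-01T10:03:00", "WS1", 100, CHROME, "net_conn", "api.telegram.org"),
]
```

Calling `detect(SAMPLE)` returns the findings in time order; in a real deployment the events would come from file-access and network-connection telemetry mapped onto this assumed schema.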