Friday, March 29, 2024

New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

The identity of the individual behind the Golden Chickens malware-as-a-service has been uncovered by cybersecurity experts. The perpetrator, known online as “badbullzvenom,” has been identified in the real world.

An extensive 16-month investigation by eSentire’s Threat Response Unit revealed that the badbullzvenom account was linked to multiple individuals, as outlined in the unit’s recently published report.

By identifying themselves as “Chuck from Montreal,” the individual known as Frapstar left a digital trail that allowed the cybersecurity firm to piece together its identity.

This includes the following information:-

  • Real name
  • Pictures
  • Home address
  • Names of his parents
  • Siblings
  • Friends
  • Social media accounts
  • His interests

Tools Used by Threat Actors

The Golden Chickens (aka Venom Spider) platform is a MaaS provider that integrates with a number of tools such as the following:-

  • Taurus Builder
  • More_eggs
  • VenomLNK
  • TerraLoader
  • TerraRecon
  • TerraStealer
  • TerraTV
  • TerraPreter
  • TerraCrypt

As per the report, the cyber tools of this threat actor have been utilized by various prominent cybercrime groups, causing a combined estimated loss of $1.5 billion.

Here below we have mentioned the group names that are involved:-

  • Cobalt Group (aka Cobalt Gang)
  • Evilnum
  • FIN6

The connection Between badbullzvenom and Frapstar

In order to connect the different forum accounts associated with the Golden Chickens MaaS, the TRU team conducted a thorough analysis of various security reports through Open Source Intelligence (OSINT). 

They discovered a 2015 Trend Micro report named, “Attack of the Solo Cybercriminals – Frapstar in Canada,” which identified the threat actor as a lone carder, who monetizes stolen credit cards and has multiple aliases and accounts on multiple hacker forums, one of them being badbullzvenom.

Here are some of the key details about the threat actor known as Frapstar:-

  • They have a particular interest in procuring Canadian credit card accounts that have been compromised.
  • They own a BMW 5 Series automobile, and it is an E39 540i model.
  • The usernames they use on various forums are Badbullzvenom, Badbullz, Frapstar, Ksensei21, and E39_Frap* (i.e., E39_Frapstar).

In a change of strategy, the same tactics were used last year to target corporate hiring managers by sending resumes with malware as a way to infect their systems.

The individual known as ‘Chuck,’ who utilizes various aliases for his underground forum, social media, and Jabber accounts, and the threat actor who claims to be from Moldova, have taken significant measures to conceal their true identities.

The developers of Golden Chickens malware have put a great deal of effort into making it evasive to detection by the majority of AV companies, and have restricted the use of the malware to only targeted attacks.

It is believed that Chuck is one of the two individuals who control the badbullzvenom account on the Exploit[.]in the underground forum. The location of the other party is yet to be determined but could be from:-

  • Moldova 
  • Romania

Recommendations

Here below we have mentioned the recommendations offered by the cybersecurity analysts:-

  • Ensure that the endpoints are monitored exhaustively.
  • Be sure to inform employees about common phishing tactics in order to avoid falling victim to them.
  • In order to tackle phishing and suspicious behavior, it is important to have an easy process in place for reporting it.
  • Take advantage of Managed Detection and Response services which will allow you to monitor your security 24 hours a day.

Network Security Checklist – Download Free E-Book

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles