1. Forum
  2. tqwNet
  3. TQW GENTECH

  • More_eggs malware hatches two new variants for MaaS operation

    From TechnologyDaily@1337:1/100 to All on Friday, December 06, 2024 15:15:05
    More_eggs malware hatches two new variants for MaaS operation

    Date:
    Fri, 06 Dec 2024 15:00:00 +0000

    Description:
    RevC2 and Venom Loader are new additions to Venom Spider's MaaS.

    FULL STORY ======================================================================Security
    researchers found two new malware variants, an infostealer and a loader The developers seem to be the same group that's behind more_eggs The infostealer can grab passwords, cookies, and more

    Venom Spider, a threat actor behind the infamous More_eggs malware , is expanding its malware-as-a-service (MaaS) operation. This is according to a new report from cybersecurity researchers Zscaler ThreatLabz, who recently found two new malware families linked to the same developer.

    In a detailed report published earlier this week, the researchers said that Venom Spider (also known as Golden Chickens) built an infostealer called RevC2, and a loader named Venom Loader.

    The infostealer can grab peoples login credentials, and cookies from Chromium-powered browsers (Chrome, Edge, Brave, and others). It can run shell commands, grab screenshots, and proxy traffic using SOCKS5. Finally, it can run commands as a different user, as well. The loader, on the other hand, is customized for each victim, and uses their computers name to encode the payload, it was said. VenomLNK

    The researchers first observed the new malware being used in August this
    year, and have been tracking it ever since. They dont know exactly how the malware is distributed to the victims, but suspect it all starts with VenomLNK. This is an initial access tool that the researchers observed being used to deploy both of the above-mentioned malware, while at the same time, showing a decoy PNG image to the victim.

    This is not the first time VenomLNK was seen in the wild, as the experts said it was used to deploy More_eggs lite before.

    More_eggs is a JavaScript-based loader used to infiltrate systems by downloading and executing additional malicious payloads, typically after gaining an initial foothold through phishing emails or malicious links.

    The malware is notorious for its stealthy behavior, as it leverages
    legitimate processes and tools to evade detection. Attackers often deploy more_eggs to install ransomware , steal sensitive data, or provide remote access to compromised systems.

    More_eggs has been around for at least three years, possibly for longer.

    Via The Hacker News You might also like Uh oh, malicious Windows shortcuts are making a return Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/more-eggs-malware-hatches-two-new-varia nts-for-maas-operation


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)