CyberSecurity news

@securityonline.info //
Recorded Future's Insikt Group has released a report detailing the discovery of two new malware families, TerraStealerV2 and TerraLogger, both linked to the notorious Golden Chickens threat actor, also known as Venom Spider. Golden Chickens is a financially motivated group known for providing a Malware-as-a-Service (MaaS) platform, offering cybercriminals a suite of malicious tools. The newly identified malware strains add to the group's existing arsenal, which includes tools such as VenomLNK, TerraLoader, and TerraCrypt that have been implicated in past attacks against major organizations. The report, published on May 1, 2025, highlights the evolving tactics of this sophisticated threat actor.

TerraStealerV2 is designed to steal browser credentials, target cryptocurrency wallets, and pilfer browser extensions. This stealer malware is delivered through various file types, including LNK, MSI, DLL, and EXE files, and utilizes legitimate Windows tools like regsvr32.exe and mshta.exe to bypass endpoint detection. While TerraStealerV2 lacks the ability to decrypt credentials protected by Chrome’s Application Bound Encryption (ABE), a security measure introduced in mid-2024, it can still exfiltrate unprotected data. It copies cryptocurrency wallet directories and uploads them to Telegram bots and wetransfers[.]io, a lookalike domain hosted behind Cloudflare, showcasing the malware's data theft capabilities.

TerraLogger represents the first keylogging capability developed by Golden Chickens. This standalone keylogger records keystrokes locally using a low-level keyboard hook and stores them in plaintext files within the C:\ProgramData directory. While TerraLogger currently lacks command-and-control or data exfiltration logic, its modular design suggests it is either under development or intended to be used in conjunction with other components of the Golden Chickens toolkit. Experts suggest the group continues to refine its delivery methods by combining VenomLNK attacks with Windows-native tools, indicating a persistent effort to evolve and enhance its malicious operations.
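A hunting sketch for the behaviours summarised above, added here as an example and not taken from the Recorded Future report or any vendor rule: it flags regsvr32.exe or mshta.exe launched against a URL or user-writable path, DNS lookups for wetransfers[.]io or the Telegram Bot API from non-browser processes, and plaintext files dropped in the root of C:\ProgramData. The event schema, rule names, the api.telegram.org host, the .txt/.log extensions and the sample events are assumptions constructed for illustration.

```python
import re

# Indicators named in the summary above; the event schema is constructed.
LOLBINS = {"regsvr32.exe", "mshta.exe"}
LOOKALIKE = "wetransfers.io"        # defanged on the page as wetransfers[.]io
TELEGRAM_API = "api.telegram.org"   # assumption: bots are reached via the Bot API host
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
UNTRUSTED = re.compile(r"https?://|\\(appdata|temp|downloads|programdata)\\", re.I)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def _name(path):
    return path.rsplit("\\", 1)[-1].lower()

def _host_is(host, domain):
    # Exact host or subdomain only, so wetransfer.com and notwetransfers.io do not match
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(events):
    """Return (rule, severity, event_index) for each event worth an analyst's time."""
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            # regsvr32/mshta pointed at a URL or a user-writable path
            if _name(ev["image"]) in LOLBINS and UNTRUSTED.search(ev["cmdline"]):
                hits.append(("lolbin_untrusted_target", "high", i))
        elif ev["type"] == "dns":
            if _host_is(ev["query"], LOOKALIKE):
                hits.append(("lookalike_upload_domain", "high", i))
            elif _host_is(ev["query"], TELEGRAM_API) and _name(ev["image"]) not in BROWSERS:
                hits.append(("telegram_api_non_browser", "medium", i))
        elif ev["type"] == "file":
            # Assumption: plaintext logs appear as .txt/.log directly in C:\ProgramData
            target = ev["target"].lower()
            in_root = target.startswith("c:\\programdata\\") and target.count("\\") == 2
            trusted = ev["image"].lower().startswith(TRUSTED_DIRS)
            if in_root and target.endswith((".txt", ".log")) and not trusted:
                hits.append(("plaintext_in_programdata_root", "low", i))
    return hits

# Constructed sample telemetry (not taken from the report)
SAMPLE = [
    {"type": "process", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\a\AppData\Local\Temp\x.ocx"},
    {"type": "dns", "image": r"C:\Users\a\AppData\Local\Temp\u.exe", "query": "wetransfers.io"},
    {"type": "dns", "image": r"C:\Program Files\App\chrome.exe", "query": "wetransfer.com"},
    {"type": "dns", "image": r"C:\Users\a\AppData\Local\Temp\u.exe", "query": "api.telegram.org"},
    {"type": "file", "image": r"C:\Users\a\Downloads\k.exe", "target": r"C:\ProgramData\notes.txt"},
]
```

The low-severity ProgramData rule is a hunting lead rather than an alert; it is most useful when correlated with one of the other findings on the same host.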
References:
  • Virus Bulletin: Recorded Future’s Insikt Group uncovered 2 malware families, TerraStealerV2 & TerraLogger, linked to the Golden Chickens threat actor. TerraStealerV2 steals browser credentials & targets crypto wallets, while TerraLogger operates as a standalone keylogger.
  • securityonline.info: SecurityOnline article about Golden Chickens' malware.
  • www.recordedfuture.com: Recorded Future’s Insikt Group uncovered 2 malware families, TerraStealerV2 & TerraLogger, linked to the Golden Chickens threat actor. TerraStealerV2 steals browser credentials & targets crypto wallets, while TerraLogger operates as a standalone keylogger.
  • recordedfuture.com: Recorded Future's Insikt Group report on TerraStealerV2 and TerraLogger.
  • The Hacker News: Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
  • gbhackers.com: Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious financially motivated threat actor Golden Chickens, also known as Venom Spider.
  • www.scworld.com: Malware-as-a-service operation Golden Chickens, also known as Venom Spider, has updated its attack arsenal with the new TerraStealerV2 and TerraLogger information-stealing malware strains, Cybernews reports.
  • securityonline.info: Golden Chickens Unveils TerraStealerV2 and TerraLogger Malware
  • SOC Prime Blog: TerraStealerV2 and TerraLogger Detection: Golden Chickens Threat Actor Behind New Malware Families
  • socprime.com: TerraStealerV2 and TerraLogger Detection: Golden Chickens Threat Actor Behind New Malware Families
  • Anonymous: Social post about Golden Chickens Deploy TerraStealerV2
Classification:
  • HashTags: #GoldenChickens #TerraStealerV2 #TerraLogger
  • Attacker: Golden Chickens
  • Feature: credential theft
  • Malware: TerraStealerV2, TerraLogger
  • Type: Malware
  • Severity: Medium