More_eggs malware hatches two new variants for MaaS operation

Security researchers found two new malware variants, an infostealer and a loader
The developers seem to be the same group that’s behind more_eggs
The infostealer can grab passwords, cookies, and more

Venom Spider, a threat actor behind the infamous More_eggs malware, is expanding its malware-as-a-service (MaaS) operation. This is according to a new report from cybersecurity researchers Zscaler ThreatLabz, who recently found two new malware families linked to the same developer.

In a detailed report published earlier this week, the researchers said that Venom Spider (also known as Golden Chickens) built an infostealer called RevC2, and a loader named Venom Loader.

The infostealer can grab people’s login credentials, and cookies from Chromium-powered browsers (Chrome, Edge, Brave, and others). It can run shell commands, grab screenshots, and proxy traffic using SOCKS5. Finally, it can run commands as a different user, as well. The loader, on the other hand, is customized for each victim, and uses their computer’s name to encode the payload, it was said.

VenomLNK

The researchers first observed the new malware being used in August this year, and have been tracking it ever since. They don’t know exactly how the malware is distributed to the victims, but suspect it all starts with VenomLNK. This is an initial access tool that the researchers observed being used to deploy both of the above-mentioned malware, while at the same time, showing a decoy PNG image to the victim.

This is not the first time VenomLNK was seen in the wild, as the experts said it was used to deploy More_eggs lite before.

More_eggs is a JavaScript-based loader used to infiltrate systems by downloading and executing additional malicious payloads, typically after gaining an initial foothold through phishing emails or malicious links.

The malware is notorious for its stealthy behavior, as it leverages legitimate processes and tools to evade detection. Attackers often deploy more_eggs to install ransomware, steal sensitive data, or provide remote access to compromised systems.

More_eggs has been around for at least three years, possibly for longer.

Via The Hacker News

https://cdn.mos.cms.futurecdn.net/S2k99RTyJJhGbDwQRHUsyg-1200-80.jpg

Source link

HP EliteBook 6 G2q promises endless 5G data and AI power, but hides significant limitations

Why hands-on digital skills will define the value of AI

‘I was stuck on the overpass with dump trucks all around me’: A mass Baidu robotaxi outage just caused traffic mayhem in China

‘I was stuck on the overpass with dump trucks all around me’: A mass Baidu robotaxi outage just caused traffic mayhem in China

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Hailee Steinfeld Gives Birth, Welcomes First Child With Josh Allen

Hudson Stone Signs With Hollywood Records

How To Wear & Layer Lightweight Jackets This Spring

Arts organisation enlists celebrities in fight to save Manhattan church – The Art Newspaper

U.S. gas prices are at their highest since 2022, and it’s primarily hurting low-income households

Optimum Communications announces executive transition and retention agreement

U.S. gas prices are at their highest since 2022, and it’s primarily hurting low-income households

US Army chief of staff asked to step down by Hegseth, sources say

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

More_eggs malware hatches two new variants for MaaS operation

Hailee Steinfeld Gives Birth, Welcomes First Child With Josh Allen

U.S. gas prices are at their highest since 2022, and it’s primarily hurting low-income households

Hudson Stone Signs With Hollywood Records

Optimum Communications announces executive transition and retention agreement