The malware-as-a-service operation Venom Spider, also known as Golden Chickens, launched separate campaigns between August and October that delivered the newly emergent RevC2 information-stealing malware and the Venom Loader malware loader, broadening its compromises after it had initially spread the More_eggs malware, The Hacker News reports.
Venom Spider used its VenomLNK tool for initial access in both campaigns. In the first, VenomLNK displayed a decoy PNG image while executing RevC2, which can exfiltrate Chromium browser cookies and credentials, execute shell commands, capture screenshots, and proxy traffic, according to an analysis from Zscaler ThreatLabz. In the second, VenomLNK deployed Venom Loader, which in turn distributed the More_eggs lite backdoor, a tool that performs remote code execution. These findings follow an ANY.RUN report detailing the emergence of the sophisticated PSLoramya malware loader, which uses VBS, BAT, and PowerShell scripts to distribute the Quasar RAT.