Recent reports have identified the Golden Chickens threat group as developers of two new malware types: TerraStealerV2, which collects sensitive data, and TerraLogger, a keylogger. Despite their ongoing development, these tools may not yet exhibit the advanced stealth seen in previous operations. Affected: Organizations relying on web-based applications and users of cryptocurrency.
Key points:
- Golden Chickens, also known as Venom Spider, has been active since at least 2018, utilizing a malware-as-a-service (MaaS) model.
- TerraStealerV2 collects browser credentials, cryptocurrency wallet data, and browser extension information.
- TerraLogger is a keylogger that records keystrokes but does not exfiltrate data or communicate with command-and-control (C2) servers.
- Both malware families are currently in development and do not yet display full stealth capabilities.
- TerraStealerV2 is able to exfiltrate data to Telegram and the domain "wetransfers[.]io."
- The malware utilizes legitimate Windows utilities to avoid detection during operations.
- The emergence of other stealer malware families may suggest an expanding threat landscape for credential theft.
- Recent advancements in other malware like StealC include improved delivery methods and enhanced C2 communication.
- StealC V2 features a redesigned control panel for customizable payload delivery and integrated notification systems.
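
As an added example (not code from the original report or from any vendor), the sketch below hunts constructed proxy-log rows for the exfiltration destinations named above: the page's domain wetransfers[.]io and Telegram. The Telegram hostnames, the allowed-process list, the CSV log layout and all sample rows are assumptions made for the illustration.

```python
import csv
import io

# Indicator from the page, written defanged there as wetransfers[.]io.
PAGE_DOMAINS = {"wetransfers.io"}
# Assumption: Telegram traffic is matched on Telegram's public API/link hosts.
TELEGRAM_DOMAINS = {"api.telegram.org", "t.me"}
# Assumption: processes expected to reach Telegram in this environment.
TELEGRAM_ALLOWED_PROCS = {"telegram.exe"}

def refang(value):
    """Normalize a defanged indicator or logged URL/host to a bare lowercase hostname."""
    v = value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    v = v.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return v.rstrip(".")

def in_domain(host, domains):
    """True if host equals a listed domain or is a subdomain of one (label boundary)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def scan(log_text):
    """Return (src, process, host, reason) for every row that matches a rule."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        host = refang(row["dest"])
        proc = row["process"].strip().lower()
        if in_domain(host, PAGE_DOMAINS):
            findings.append((row["src"], proc, host, "page-indicator"))
        elif in_domain(host, TELEGRAM_DOMAINS) and proc not in TELEGRAM_ALLOWED_PROCS:
            findings.append((row["src"], proc, host, "telegram-unexpected-process"))
    return findings

# Constructed sample log; hosts, process names and sizes are invented for the example.
SAMPLE = """ts,src,process,dest,bytes_out
2025-05-06T10:00:01Z,ws-01,chrome.exe,wetransfer.com,1200
2025-05-06T10:00:07Z,ws-02,sample.exe,wetransfers.io:443,88210
2025-05-06T10:00:09Z,ws-02,sample.exe,https://API.telegram.org/path,40960
2025-05-06T10:01:15Z,ws-03,telegram.exe,api.telegram.org,900
2025-05-06T10:02:30Z,ws-04,chrome.exe,cdn.wetransfers.io.,300
2025-05-06T10:03:00Z,ws-05,chrome.exe,notwetransfers.io,150
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Matching on a label boundary keeps similarly spelled hosts such as `wetransfer.com` and `notwetransfers.io` out of the results while still catching subdomains of the indicator.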
Read More: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html