Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware
2023-05-20 10:48

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said.

eSentire characterized Jack as the true mastermind behind Golden Chickens.

"'Jack' has taken great pains to obfuscate the Golden Chickens malware, trying to make it undetectable by most [antivirus] companies, and strictly allowing only a small number of customers to buy access to the Golden Chickens MaaS."

Some of the earliest malware tools developed by Jack in 2008 included Voyer, which is capable of harvesting a user's Yahoo instant messages, and an information stealer christened FlyCatcher that can record keystrokes.

It's not immediately clear if Jack ended up going to Pakistan, but eSentire said it spotted tactical overlaps between a 2019 campaign conducted by a Pakistani threat actor known as SideCopy and Jack's VenomLNK malware, which functions as the initial access vector for the More eggs backdoor.

Jack is suspected to have crossed paths with "Chuck from Montreal" sometime between late 2012 and October 4, 2013, the date on which a message was posted from Chuck's badbullz account on the Lampeduza forum containing contact information - a Jabber address - associated with LUCKY. It's speculated that Jack brokered a deal with Chuck that would allow him to post under Chuck's aliases "Badbullz" and "Badbullzvenom" on various underground forums as a way to get around his notoriety as a ripper.


News URL

https://thehackernews.com/2023/05/meet-jack-from-romania-mastermind.html