By GoldSparrow in Malware

VenomLNK is a tool that the Golden Chickens (GC) Malware-as-a-Service (MaaS) provides to threat actors for various malware campaigns. It sits at the beginning of a typical GC MaaS infection chain. Researchers reported a corrupted Windows Shortcut file, dubbed VenomLNK, while investigating several different malware attacks.

It is suggested that VenomLNK is a new variant of an already known threatening document kit builder named VenomKit. VenomKit has been used to exploit multiple vulnerabilities by building corrupted Rich Text Format (RTF) documents.

When successful, such an attack results in the delivery of batch and scriptlet files to the target system, followed by the download and execution of additional malware. Specifically, VenomLNK leads to a TerraLoader variant being dropped on the affected computer. That GC loader contains an obfuscated JavaScript file, which, in turn, downloads a file that is a variant of another threatening GC tool known as "more_eggs."

Cybersecurity researchers have been investigating VenomLNK since 2018, along with several other GC MaaS tools that are used together in similar attack chains, all following the same pattern. The operators of this notorious scheme continue to expand their portfolio of dangerous tools supporting their C2 infrastructure. It is expected that this year the MaaS will continue to evolve and attract more top-tier threat actors.