VenomLNK is a tool provided by the Golden Chickens (GS) Malware-as-a-Service (MaaS) to threat actors for various malware campaigns. It is at the beginning of a typical GC MaaS infection chain. Researchers reported a corrupted Windows Shortcut file dubbed VenomLNK while investigating several different malware attacks.
It is suggested that VenomLNK is a new variant of an already known threatening document kit builder named VenomKit. VenomKit has been used to exploit multiple vulnerabilities by building corrupted Rich Text File (RTF) documents.
Cybersecurity researchers have been investigating VenomLNK since 2018, along with several other GS MaaS tools used all together in similar attack chains that all follow the same pattern. The operators of this notorious scheme continue to expand their portfolio of dangerous tools supporting their C2 structure. It is expected that this year the MaaS will continue to evolve and attract mote top-tier threat actors.