

Ethical Hacking News

New Stealer Malware Families Emerge: Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data



The threat landscape is evolving, with new stealer malware families emerging that pose significant risks to browser security. This article looks at the latest malware families attributed to the threat actor Golden Chickens: the newly deployed TerraStealerV2 and TerraLogger.



  • TerraStealerV2 and TerraLogger malware families have been attributed to Golden Chickens, posing increased risk to individuals and organizations.
  • TerraStealerV2 collects browser credentials, cryptocurrency wallet data, and browser extension information, using trusted Windows utilities to evade detection.
  • TerraLogger is a standalone keylogger that uses a common low-level keyboard hook, but lacks data exfiltration or C2 communication functionality.
  • The new malware families highlight the evolving threat landscape and the need for organizations to stay vigilant and proactive in their cybersecurity posture.


    Golden Chickens, a financially motivated threat actor linked to the notorious malware family called More_eggs, has been linked to two new malware families dubbed TerraStealerV2 and TerraLogger. This development is significant, as it suggests that Golden Chickens continues to evolve and diversify its arsenal, posing an increased risk to individuals and organizations.

    TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information. It leverages trusted Windows utilities, such as regsvr32.exe and mshta.exe, to evade detection. The malware's payload delivery options have been expanded to include Microsoft Software Installer (MSI) packages and PowerShell scripts.
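
    A detection sketch for the regsvr32.exe and mshta.exe usage described above, added here as an example (it is not from the article or the research behind it): it scores Sysmon-style process-creation events with generic heuristics. The field names, sample events and heuristics are constructed assumptions, not TerraStealerV2 indicators.

```python
import re
from ntpath import basename  # parses Windows paths on any OS
# The two utilities the article names; the heuristics are generic assumptions.
WATCHED = {"regsvr32.exe", "mshta.exe"}
# Delivery vehicles the article mentions (MSI packages, PowerShell scripts).
DELIVERY_PARENTS = {"msiexec.exe", "powershell.exe", "pwsh.exe"}
REMOTE = re.compile(r"https?://", re.I)
INLINE_SCRIPT = re.compile(r"\b(javascript|vbscript):", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)
# Constructed sample events (not captured from any real sample).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\example.ocx",
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe https://example.invalid/page.hta",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\codec.dll"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

def score_event(event):
    """Return the reasons a process-creation event looks suspicious."""
    image = basename(event["Image"]).lower()
    if image not in WATCHED:
        return []
    cmd = event.get("CommandLine", "")
    parent = basename(event.get("ParentImage", "")).lower()
    reasons = []
    if REMOTE.search(cmd):
        reasons.append("remote URL on command line")
    if image == "mshta.exe" and INLINE_SCRIPT.search(cmd):
        reasons.append("inline script passed to mshta")
    if image == "regsvr32.exe" and USER_WRITABLE.search(cmd):
        reasons.append("regsvr32 target in user-writable path")
    if parent in DELIVERY_PARENTS:
        reasons.append(f"spawned by {parent}")
    return reasons

def triage(events):
    """Return (index, reasons) for every event with at least one finding."""
    return [(i, r) for i, e in enumerate(events) if (r := score_event(e))]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["Image"], "->", "; ".join(reasons))
```

    Legitimate installers also call regsvr32.exe, so the findings are triage leads to correlate with other telemetry rather than verdicts.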

    On the other hand, TerraLogger is a standalone keylogger that uses a common low-level keyboard hook to record keystrokes. However, it does not include functionality for data exfiltration or command-and-control (C2) communication, suggesting that it is either in early development or intended to be used in conjunction with other malware in the Golden Chickens malware-as-a-service (MaaS) ecosystem.

    The current state of TerraStealerV2 and TerraLogger suggests that both tools remain under active development and do not yet exhibit the level of stealth typically associated with mature Golden Chickens tooling. Given Golden Chickens' history of developing malware for credential theft and access operations, these capabilities will likely continue to evolve.

    This emergence of new stealer malware families is part of a broader trend in which threat actors are continually adapting and refining their tactics, techniques, and procedures (TTPs). The rise of AI-powered phishing attacks, the exploitation of critical vulnerabilities in popular software applications, and the increasing sophistication of ransomware campaigns all underscore the evolving nature of the threat landscape.

    The discovery of an updated version of the StealC malware, with support for a streamlined command-and-control (C2) communication protocol and the addition of RC4 encryption, is also noteworthy. The new version, 2.2.4, introduced in March 2025, has been observed being distributed via another malware loader called Amadey.

    StealC V2 introduces improvements such as enhanced payload delivery, a streamlined communications protocol with encryption, and a redesigned control panel that provides more targeted information collection. However, the fact that StealC V2 can be distributed via multiple vectors highlights the evolving tactics used by Golden Chickens to evade detection and expand its reach.

    The emergence of new stealer malware families like Hannibal Stealer, Gremlin Stealer, and Nullpoint Stealer, which are designed to exfiltrate a wide range of sensitive information from their victims, further underscores the complexity of the threat landscape. These new families are likely to pose significant risks to individuals and organizations, particularly those with critical infrastructure or sensitive data.

    In conclusion, the deployment of TerraStealerV2 and TerraLogger by Golden Chickens highlights the ongoing evolution of the threat landscape. As threat actors continue to adapt and refine their TTPs, it is essential for organizations to remain vigilant and proactive in their cybersecurity posture. This includes staying informed about emerging threats, implementing robust security controls, and maintaining a culture of awareness and education within the organization.

    By understanding the tactics, techniques, and procedures used by Golden Chickens and other threat actors, individuals and organizations can better protect themselves against emerging threats and stay ahead of the evolving threat landscape.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Stealer-Malware-Families-Emerge-Golden-Chickens-Deploy-TerraStealerV2-to-Steal-Browser-Credentials-and-Crypto-Wallet-Data-ehn.shtml

  • Published: Mon May 5 02:31:06 2025 by llama3.2 3B Q4_K_M












