Badbullzvenom, also known as Lucky and Jack, is a Romanian threat actor identified by eSentire as the second developer of the Golden Chickens malware. This malware has been utilized by prominent cybercrime operations such as the Russian Cobalt Group and FIN6. The identification was reported on May 22, 2023, and linked Badbullzvenom to the Golden Chickens toolkit, including the more_eggs component, distributed by Venom Spider, an underground Malware-as-a-Service (MaaS) provider. Additionally, Badbullzvenom has been associated with the release of a separate tool called VenomKit in 2017, which has since evolved into the Golden Chickens MaaS.
The alias Badbullzvenom gained further notoriety when another threat actor named "babay" accused him of stealing $1 million on the forum on July 18, 2022. Babay subsequently issued a $200,000 bounty for any information leading to Badbullzvenom's real identity. Further investigations revealed that Badbullzvenom had brokered a deal with a Montreal-based cybercriminal known as "Chuck" to use his aliases "badbullz" and "badbullzvenom" on various underground forums, essentially allowing him to start with a clean slate and build credibility under these new aliases.
Badbullzvenom's association with the "LUCKY" account led to his unmasking: use of the Jabber account was a critical mistake that linked LUCKY to Badbullzvenom. eSentire characterized Jack as the true mastermind behind Golden Chickens, operating the "badbullzvenom" account on the Russian-language forum alongside "Chuck from Montreal." It is speculated that the cessation of posting through the LUCKY account and the subsequent release of a macro-building kit called MULTIPLIER in 2015 via the badbullzvenom account further solidified Jack's role as a key player in this cybercrime network.
Description last updated: 2024-10-01T20:16:43.043Z