Venom

Venom is a malicious software (malware) that has been associated with the hacker group Seedworm since at least mid-2022. It was described by Microsoft as Seedworm’s “tool of choice,” often delivered via a custom build of Venom Proxy in its activities. The malware was used in conjunction with other tools such as the SimpleHelp remote access tool, Venom Proxy, and a custom keylogging tool. Additionally, it utilized publicly available and living-off-the-land tools to infiltrate and exploit targeted systems. The Venom malware was also used in ransomware-as-a-service (RaaS) operations, indiscriminately targeting school districts, financial firms, critical infrastructure, and others with data theft and double extortion. The Venom malware has been implicated in several high-profile cases, including a lawsuit against 23andMe, which focused on the company’s allegedly inadequate security protocols and slow response to a Venom-related hack. In another instance, the attackers set up a command and control mechanism for an attack using open source reverse proxy tools like Fast Reverse Proxy (FRP), a customized version of the Socks Linux server, and Venom. This penetration-testing tool was used for running security audits, further demonstrating its versatility and threat potential. In the cybercriminal underworld, Venom Drainer, a successor to Monkey Drainer, emerged as a significant player. After Monkey Drainer was exposed by digital detective outfit ZackXBT and ceased operations in March 2023, most users migrated to Venom Drainer until it too closed in April 2023. During its operation, Venom Drainer reportedly amassed $27 million in stolen cryptocurrency, according to Scam Sniffer. Interestingly, Venom Drainer emerged just a day before Monkey Drainer's closure, suggesting a planned transition to this newer group. Despite its eventual shutdown, the legacy of Venom Drainer continued as it was recommended to aspiring cybercriminals seeking to continue in this line of work.