Venom

Malware updated a year ago (2024-11-29T14:40:20.523Z)

Download STIX

Preview STIX

Venom is a malicious software (malware) that has been associated with the hacker group Seedworm since at least mid-2022. It was described by Microsoft as Seedworm’s “tool of choice,” often delivered via a custom build of Venom Proxy in its activities. The malware was used in conjunction with other tools such as the SimpleHelp remote access tool, Venom Proxy, and a custom keylogging tool. Additionally, it utilized publicly available and living-off-the-land tools to infiltrate and exploit targeted systems. The Venom malware was also used in ransomware-as-a-service (RaaS) operations, indiscriminately targeting school districts, financial firms, critical infrastructure, and others with data theft and double extortion. The Venom malware has been implicated in several high-profile cases, including a lawsuit against 23andMe, which focused on the company’s allegedly inadequate security protocols and slow response to a Venom-related hack. In another instance, the attackers set up a command and control mechanism for an attack using open source reverse proxy tools like Fast Reverse Proxy (FRP), a customized version of the Socks Linux server, and Venom. This penetration-testing tool was used for running security audits, further demonstrating its versatility and threat potential. In the cybercriminal underworld, Venom Drainer, a successor to Monkey Drainer, emerged as a significant player. After Monkey Drainer was exposed by digital detective outfit ZackXBT and ceased operations in March 2023, most users migrated to Venom Drainer until it too closed in April 2023. During its operation, Venom Drainer reportedly amassed $27 million in stolen cryptocurrency, according to Scam Sniffer. Interestingly, Venom Drainer emerged just a day before Monkey Drainer's closure, suggesting a planned transition to this newer group. Despite its eventual shutdown, the legacy of Venom Drainer continued as it was recommended to aspiring cybercriminals seeking to continue in this line of work.

Description last updated: 2024-09-03T16:16:17.586Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Rat

Loader

Proxy

Windows

Drainer

Linux

Maas

Ransomware

Simplehelp

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Venom Spider Malware is associated with Venom. Venom Spider is a potent and stealthy malware suite, operated by a threat actor of the same name. Identified by Elite Threat Hunters, Venom Spider, also known as badbullzvenom, operates under a Malware-as-a-Service (MaaS) model. This means that the malware is provided as a service to other cybercrim	Unspecified	2
The Golden Chickens Malware is associated with Venom. Golden Chickens, also known as More_eggs, is a stealthy and capable malware suite primarily used by financially-motivated cybercrime groups such as the Cobalt Group and FIN6. The malware was initially discovered in 2018 and has been primarily targeting organizations in Southeast Asia, stealing sensi	Unspecified	2

Source Document References

Information about the Venom Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	5 months ago	Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Recorded Future	6 months ago	Golden Chickens Unveils TerraStealerV2 and TerraLogger: New Credential Theft Tools Identified by Insikt Group
Securityaffairs	a year ago	Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading	a year ago	Venom Spider Spins Web of MaaS Malware
Fortinet	a year ago	Emansrepo Stealer: Multi-Vector Attack Chains \| FortiGuard Labs
Fortinet	2 years ago	ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins \| FortiGuard Labs
CERT-EU	2 years ago	SF hackers allegedly target 23andMe for data on customers of Ashkenazi Jewish and Chinese heritages \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
DARKReading	3 years ago	Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ
CERT-EU	2 years ago	‘You just can’t control yourself’: Judge threatens to boot Donald Trump from court
DARKReading	2 years ago	Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor
BankInfoSecurity	2 years ago	Crypto-Seeking Drainer Scam-as-a-Service Operations Thrive
CERT-EU	2 years ago	Nest Wallet CEO Loses $125,000 in Wallet Draining Scam
CERT-EU	3 years ago	Crypto Scammer Monkey Drainer Shuts Down Criminal Operations \| IT Security News
Unit42	2 years ago	Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
CERT-EU	2 years ago	Who hacked Sony's Insomniac video game data? \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	MuddyWater targets African telecommunications companies
CERT-EU	2 years ago	Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa
MITRE	3 years ago	Blue Mockingbird activity mines Monero cryptocurrency
CERT-EU	2 years ago	Epic Games Responds to Ransomware Attack Claims \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting