Since uncovering the Malware-as-a-Service (MaaS) provider “Golden Chickens” (GC) back in 2018, we have been carefully tracking its evolution and how different threat actors use it.
Latest Golden Chickens Activity
Lately, a new spear-phishing campaign has been actively targeting LinkedIn members, using personalized job offers as a lure. A threat actor group is sending job offers named after the victims’ job titles as listed on their LinkedIn profiles. Opening the ZIP file that comes with the fake offer initiates the stealthy installation of the fileless backdoor more_eggs, which eventually allows the attacker to remotely control the victim’s computer.
About two weeks ago, we first observed a campaign resulting in the same C2. We attribute the activity to FIN6.
Our exclusive intelligence on Golden Chickens is accessible in Mercury to all our clients. Want to know more? Just contact us!
To help you stay informed on the latest developments, we have created a compilation of all our public research on Golden Chickens.