More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
Dec 06, 2024
Malware / Cybercrime
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK , a staple tool that serves as an initial access vector for the deployment of follow-on payloads. "RevC2 uses WebSockets to communicate with its command-and-control (C2) server. The malware is capable of stealing cookies and passwords, proxies network traffic, and enables remote code execution (RCE)," Zscaler ThreatLabz researcher Muhammed Irfan V A said . "Venom Loader is a new malware loader that is customized for each victim, using the victim's computer name to encode the payload." Both the malware families have been distributed as part of campaigns observed by the cybersecurity company between August and October 2024. The threat actor behind the e-cr...