Venom Spider Spins Web of New Malware for MaaS Platform


The threat actor "Venom Spider," known for its malware-as-a-service (MaaS) platform, has introduced new tools, including a backdoor named RevC2 and a loader called Venom Loader, used in attacks observed between August and October 2024. RevC2 communicates with its command-and-control (C2) server via WebSockets, enabling cookie and password theft, network traffic proxying, and remote code execution (RCE). Venom Loader encodes payloads using victims' computer names for personalized attacks. Venom Spider’s platform, used by groups like FIN6 and Cobalt, also includes tools such as VenomLNK, TerraLoader, and TerraStealer, with FIN6 recently deploying the MaaS platform in spear-phishing campaigns to deliver secondary malware payloads.
