eSentire has revealed the identity of the second attacker behind the Golden Chickens malware, who was exposed by a fatal privacy mistake.
This person, who lives in Bucharest (Romania), was given the code name Jack. Jack and his accomplice use accounts on the Exploit.in forum under the nicknames "badbullzvenom" and "Chuck from Montreal", respectively.
eSentire described Jack as the true inspiration behind Golden Chickens. The experts also proved that Jack is the owner of a fruit and vegetable import and export business.
Jack's online activity began in 2008, when he was only 15 years old and registered on various hacker forums. The teenager was interested in creating malware, infostealers and keyloggers, and grew up to be a hacker developing password stealers, ransomware and More_eggs.
In 2012, Jack gained a reputation as a scammer in the cybercriminal community due to his failure to provide adequate support to clients buying his software. After numerous allegations, Jack decided to move to Pakistan to work for the government as a security specialist.
It's not immediately clear if Jack went to Pakistan, but eSentire found tactical overlaps between the 2019 campaign of the Pakistani SideCopy attacker and Jack's VenomLNK malware, which serves as the initial access vector for the More_eggs backdoor.
It is suspected that Jack's path crossed with that of "Chuck from Montreal" in 2013, when Chuck shared contact details for the Jabber messenger on one of the forums. The messenger account was linked to LUCKY, Jack's first nickname on hacker forums.
Researchers speculate that Jack made a deal with Chuck to post his messages on the forums under Chuck's nicknames "badbullz" and "badbullzvenom" to get around his notoriety as a scammer and "start over with a clean slate". Subsequently, in 2017, badbullzvenom (also known as LUCKY) released a separate tool called VenomKit, which has since evolved into Golden Chickens.
The experts concluded that the Jabber account and the sharing of nicknames with Chuck were Jack's fatal mistake, which led to his deanonymization. eSentire also uncovered the identities of Jack's wife, mother, and two sisters.