Intel Name: Unveiling RevC2 and Venom Loader
Date of Scan: December 4, 2024
Impact: High
Summary: Between August and October 2024, ThreatLabz identified campaigns deploying two new malware families: RevC2 and Venom Loader. These were distributed via Venom Spider’s malware-as-a-service (MaaS) tools. RevC2 utilizes WebSockets for command-and-control (C2) communication and is capable of stealing cookies and passwords, proxying network traffic, and enabling remote code execution (RCE). Venom Loader, a custom malware loader, encodes its payload using the victim’s computer name for a tailored attack.