Titanium APT uses fileless technique to inject new hidden backdoor on Windows
By MYBRANDBOOK
A new wave of malware attacks from the Titanium APT group infects Windows systems with a hidden backdoor by mimicking common legitimate software and using fileless techniques. The malware's files are not detected as malicious because it relies on encryption and fileless technologies to infect victims.
Titanium APT is one of the most technologically advanced hacking groups; it uses a variety of sophisticated techniques against its targets, and its method of attack makes its activity very hard to detect in the wild. It mainly targets the APAC region, and the current attack is believed to be focused on South and Southeast Asia.
Before installing the backdoor on a Windows computer in the final stage, the threat actors follow a complex sequence of dropping, downloading and installing stages. At every stage of this process they mimic known software, such as security software, DVD-authoring software or sound-driver software, to evade detection.
The shellcode itself contains position-independent code that connects to the hardcoded C&C address, downloads an encrypted payload, then decrypts and launches it using a hardcoded unpacking password.
The Titanium threat actors habitually use wrapper DLLs to decrypt an encrypted file and load it into system memory.
At the final stage of installing the backdoor, the attackers use a Trojan-Backdoor installer that is launched from the command line with a password to unpack it. The installer obtains commands by sending an empty request to the C2 server, and the malware can also read proxy settings from Internet Explorer. In response, the C2 server sends a PNG file containing steganographically hidden data. This data is encrypted with the same key as the C&C requests. The decrypted data contains the backdoor commands used to steal data from infected victims.