Titanium APT uses fileless technique to inject new hidden backdoor on Windows
By MYBRANDBOOK
A new wave of attacks by the Titanium APT group is infecting Windows machines with a hidden backdoor, using components that mimic common legitimate software and fileless techniques. Because the attack chain relies on encryption and in-memory (fileless) execution, the malware's components are hard to flag as malicious on disk.
Titanium is one of the more technically advanced APT groups; it uses a range of sophisticated techniques against its targets, and its tradecraft makes its activity very hard to detect at scale. The group mainly targets the APAC region, and the current campaign is believed to focus on South and Southeast Asia.
Before the backdoor is installed on a Windows computer in the final stage, the threat actors run through a complex sequence of dropping, downloading and installing stages. At every stage they mimic known software, such as security products, DVD-authoring software and sound-driver installers, to evade detection.
The shellcode is position-independent code that connects to a hardcoded C&C address, downloads an encrypted payload, then decrypts and launches it using a hardcoded unpacking password.
Titanium's operators habitually use wrapper DLLs to decrypt an encrypted file and load it directly into memory.
In the final stage, the attackers use a Trojan-Backdoor installer that is launched from the command line with a password used to unpack it. The installer obtains its tasking by sending an empty request to the C2 server, and it can also read proxy settings from Internet Explorer to get out of the network. In response, the C2 server sends a PNG file containing steganographically hidden data. This data is encrypted with the same key as the C&C requests; once decrypted, it contains the backdoor commands used to steal data from infected victims.
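To make the PNG-based tasking channel concrete, here is an added, constructed example that is not code from the original report or from the Titanium toolset. It builds a small PNG from a constructed cover image, hides an encrypted command in the least-significant bits of the pixel data, and then shows the analyst-side extraction an incident responder would run on a captured PNG once the key is known. Both the LSB encoding and the repeating-key XOR cipher are assumptions chosen for illustration: the page only states that the hidden data exists and shares a key with the C&C requests, not how it is encoded or encrypted. All names (`KEY`, `embed`, `extract`, `read_png`, `write_png`) are hypothetical.

```python
import struct
import zlib

# Constructed stand-in key; the real Titanium key and cipher are not given on the page.
KEY = b"demo-c2-key"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, a placeholder for the (unspecified) C2 cipher. Symmetric."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def write_png(width: int, height: int, rgb: bytes) -> bytes:
    """Minimal 8-bit RGB PNG writer using filter type 0 on every scanline."""
    assert len(rgb) == width * height * 3
    raw = b"".join(b"\x00" + rgb[y * width * 3:(y + 1) * width * 3] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def read_png(data: bytes):
    """Parse chunks, verify every CRC, and return (width, height, rgb) for filter-0 RGB images."""
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", 0, 0
    while pos < len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        if ctype == b"IHDR":
            width, height, depth, colour = struct.unpack(">IIBB", body[:10])
            if depth != 8 or colour != 2:
                raise ValueError("only 8-bit RGB is handled here")
        elif ctype == b"IDAT":
            idat += body
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = width * 3 + 1
    rows = []
    for y in range(height):
        row = raw[y * stride:(y + 1) * stride]
        if row[0] != 0:
            raise ValueError("unsupported filter type %d" % row[0])
        rows.append(row[1:])
    return width, height, b"".join(rows)


def embed(cover_rgb: bytes, width: int, height: int, message: bytes, key: bytes = KEY) -> bytes:
    """Server side (assumed): encrypt [len||message], write its bits into pixel LSBs, emit a PNG."""
    payload = xor_crypt(struct.pack(">I", len(message)) + message, key)
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(cover_rgb):
        raise ValueError("cover image too small for payload")
    pixels = bytearray(cover_rgb)
    for i, bit in enumerate(bits):
        pixels[i] = (pixels[i] & 0xFE) | bit
    return write_png(width, height, bytes(pixels))


def extract(png_bytes: bytes, key: bytes = KEY) -> bytes:
    """Analyst side: recover the hidden command from a captured PNG given the shared key."""
    _, _, rgb = read_png(png_bytes)

    def take(nbytes: int) -> bytes:
        out = bytearray()
        for i in range(nbytes):
            v = 0
            for j in range(8):
                v = (v << 1) | (rgb[i * 8 + j] & 1)
            out.append(v)
        return bytes(out)

    n = struct.unpack(">I", xor_crypt(take(4), key))[0]
    if 4 + n > len(rgb) // 8:
        raise ValueError("length field exceeds image capacity: wrong key or no payload")
    return xor_crypt(take(4 + n), key)[4:]


# Constructed 16x16 cover image: a deterministic byte pattern, not a real C2 sample.
COVER_W, COVER_H = 16, 16
COVER_RGB = bytes((i * 7) % 256 for i in range(COVER_W * COVER_H * 3))


def roundtrip_demo(command: bytes = b"cmd: list files") -> bytes:
    """Embed a command, then extract it as an analyst would from the captured PNG."""
    png = embed(COVER_RGB, COVER_W, COVER_H, command)
    return extract(png)


if __name__ == "__main__":
    print(roundtrip_demo())
```

The `read_png` parser rejects bad CRCs and unsupported filter types rather than silently decoding garbage, which matters when triaging files that may have been tampered with or truncated in transit. With the wrong key the decrypted length field is nonsense and `extract` fails closed instead of returning random bytes.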