Titanium APT uses fileless technique to inject new hidden backdoor on Windows
By MYBRANDBOOK
A new wave of malware attacks from the Titanium APT group has struck, infecting Windows systems with a hidden backdoor by mimicking common legitimate software and using fileless techniques. Additionally, the malware's files on disk are not detected as malicious, because it relies on encryption and fileless technologies to infect its victims.
Titanium APT is one of the most technologically advanced hacking groups; it uses a variety of sophisticated techniques against its targets, and its method of attack makes its activities very hard to detect. It mainly targets the APAC region, and the current attack is believed to be focused on South and Southeast Asia.
Before installing a backdoor on a Windows computer in the final stage, the threat actors follow a complex sequence of dropping, downloading, and installing stages. In every stage of this process they mimic known software, such as security software, DVD video authoring software, or sound driver software, to evade detection.
The shellcode itself contains position-independent code that connects to a hardcoded C&C address, downloads an encrypted payload, then decrypts and launches it using a hardcoded unpacking password.
The Titanium threat actors habitually use wrapper DLLs to decrypt an encrypted file and load it into system memory.
At the final stage of installing the backdoor, the attackers use the Trojan-Backdoor installer, which is launched from the command line with a password to unpack it. The installer receives commands from the C2 server by sending it an empty request; the malware can also obtain proxy settings from Internet Explorer. In response, the C2 server sends a PNG file that contains steganographically hidden data. This data is encrypted with the same key as the C&C requests. The decrypted data contains backdoor commands used to steal data from infected victims.
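Because the command channel described above rides inside PNG files, one practical defensive check is to scan downloaded images for structural oddities that a steganographic carrier often has. The script below is an added example and is not code from the article or from the researchers who analysed Titanium; the article does not say how the data is embedded in the PNG, so the checks (non-standard chunk types, data appended after IEND, CRC mismatches) are assumed generic heuristics rather than a signature for this malware, and the function names and the constructed sample images are my own.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types registered in the PNG specification and its common extensions.
KNOWN_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
    "eXIf",
}


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def scan_png(data: bytes) -> dict:
    """Walk the chunk list and report structural anomalies.

    Returns the ordered chunk types, unknown chunk types, chunks whose CRC does
    not verify, the byte count after IEND, and the total IDAT payload size.
    Raises ValueError for non-PNG or truncated input.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    report = {"chunks": [], "unknown_chunks": [], "crc_errors": [],
              "trailing_bytes": 0, "idat_bytes": 0, "has_iend": False}
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # 12 bytes = smallest possible chunk
        length, ctype_raw = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError(f"truncated chunk at offset {pos}")
        ctype = ctype_raw.decode("latin-1")
        payload = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        report["chunks"].append(ctype)
        if ctype not in KNOWN_CHUNKS:
            report["unknown_chunks"].append(ctype)
        if stored_crc != zlib.crc32(ctype_raw + payload) & 0xFFFFFFFF:
            report["crc_errors"].append(ctype)
        if ctype == "IDAT":
            report["idat_bytes"] += length
        pos += 12 + length
        if ctype == "IEND":
            report["has_iend"] = True
            report["trailing_bytes"] = len(data) - pos  # a decoder ignores this
            break
    return report


def suspicious_reasons(report: dict) -> list:
    """Turn a scan report into human-readable reasons for analyst triage."""
    reasons = []
    if report["unknown_chunks"]:
        reasons.append("non-standard chunk types: " + ", ".join(report["unknown_chunks"]))
    if report["trailing_bytes"]:
        reasons.append(f"{report['trailing_bytes']} bytes appended after IEND")
    if report["crc_errors"]:
        reasons.append("CRC mismatch in: " + ", ".join(report["crc_errors"]))
    if not report["has_iend"]:
        reasons.append("no IEND chunk")
    return reasons


def build_sample(extra_chunks=(), trailer=b"") -> bytes:
    """Construct a minimal valid 1x1 RGB PNG, optionally with extra chunks/trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit depth, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    body = make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
    for ctype, payload in extra_chunks:
        body += make_chunk(ctype, payload)
    return PNG_SIGNATURE + body + make_chunk(b"IEND", b"") + trailer


# Constructed samples: a clean image, and one carrying a private chunk plus an
# opaque blob after IEND, standing in for an encrypted command payload.
BENIGN_PNG = build_sample()
SUSPICIOUS_PNG = build_sample(
    extra_chunks=[(b"stEg", b"\x13\x37" * 32)],
    trailer=b"\x00" + bytes(range(64)),
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_PNG), ("suspicious", SUSPICIOUS_PNG)):
        print(name, suspicious_reasons(scan_png(blob)) or ["no structural anomalies"])
```

Run it against images pulled from a proxy cache or a sandbox's network capture; any hit is a triage lead, not a verdict, since legitimate tools also write private chunks. Note that payloads hidden in the pixel data itself (for example in low-order bits) pass these structural checks unchanged, so this complements rather than replaces the network-level indicators in the article, such as an empty request to the C2 followed by a PNG response.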