CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

A New Golang-Based Information Stealer Malware Emerges

admin by admin
January 30, 2023
in Information Security


Jan 30, 2023Ravie LakshmananThreat Detection / Malware

A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.

“The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files,” Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a recent report.

Details of the malware were first documented by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan.

Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim’s machine.

The malware, upon execution, employs a technique known as process hollowing to inject the malicious payload into the memory of a legitimate process known as AppLaunch.exe, which is the Microsoft .NET ClickOnce Launch Utility.

Some of the major web browsers targeted by Titan Stealer include Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others. The crypto wallets singled out are Armory, Armory, Bytecoin, Coinomi, Edge Wallet, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash.

It’s also capable of gathering the list of installed applications on the compromised host and capturing data associated with the Telegram desktop app.

The amassed information is subsequently transmitted to a remote server under the attacker’s control as a Base64-encoded archive file. Furthermore, the malware comes with a web panel that enables adversaries to access the stolen data.

The exact modus operandi used to distribute the malware is unclear as yet, but traditionally threat actors have leveraged a number of methods, such as phishing, malicious ads, and cracked software.

“One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS,” Cyble said in its own analysis of Titan Stealer.

“Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software.”

The development arrives a little over two months after SEKOIA detailed another Go-based malware referred to as Aurora Stealer that’s being put to use by several criminal actors in their campaigns.

The malware is typically propagated via lookalike websites of popular software, with the same domains actively updated to host trojanized versions of different applications.

It has also been observed taking advantage of a method known as padding to artificially inflate the size of the executables to as much as 260MB by adding random data so as to evade detection by antivirus software.

The findings come close on the heels of a malware campaign that has been observed delivering Raccoon and Vidar using hundreds of fake websites masquerading as legitimate software and games.

Team Cymru, in an analysis published earlier this month, noted that “Vidar operators have split their infrastructure into two parts; one dedicated to their regular customers and the other for the management team, and also potentially premium / important users.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Reduce risk by implementing HttpOnly cookie authentication in Amazon API Gateway

Next Post

Illuminatequick

Related Posts

Information Security

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

by admin
March 29, 2023
Information Security

How to use Amazon GuardDuty and AWS WAF v2 to automatically block suspicious hosts

by admin
March 29, 2023
Information Security

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

by admin
March 28, 2023
Information Security

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

by admin
March 27, 2023
Information Security

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

by admin
March 26, 2023
Next Post

Illuminatequick

Recommended

Innatelogicalfluency ~ Future of CIO

March 30, 2023

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

March 29, 2023

How to use Amazon GuardDuty and AWS WAF v2 to automatically block suspicious hosts

March 29, 2023

Influencing ~ Future of CIO

March 29, 2023

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

March 28, 2023

Illogic ~ Future of CIO

March 28, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.