According to reports from digital forensics specialists, the hacking group known as Platinum has released a new piece of malware, Titanium: a backdoor Trojan with advanced features for taking full control of an infected system.
The report, published by the security firm Kaspersky, notes that the backdoor hides from its victims by posing as legitimate software, such as a media player, a sound controller or an anti-malware security tool.
Digital forensics specialists say Platinum, also known as TwoForOne, has been active for at least a decade, injecting malicious code into government networks, intelligence agencies, national defense establishments, telecommunications companies and other large organizations around the world, with its most intense activity registered in South and East Asia.
Regarding this new malware, Kaspersky specialists confirm that Titanium uses a complex sequence for its delivery, download and installation on the target system, ending with the deployment of the backdoor.
Titanium is also able to evade detection by nearly any security tool, using encoding and camouflage techniques and delivering information hidden by steganography inside PNG images.
According to the report of the digital forensics specialists, once the Trojan completes the infection, the final payload is delivered and the files needed for its execution are downloaded through the Windows Background Intelligent Transfer Service (BITS). Communication between the Trojan and its command and control (C&C) server is handled by the cURL tool.
The Trojan must send a base64-encoded request containing a system ID, computer name and hard drive serial number to initialize the server script: “The commands can begin to be received after setting up the connection,” the specialists added.
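The beacon described above (a base64-encoded request carrying a system ID, computer name and drive serial, sent with cURL) gives a defender something concrete to hunt for in proxy logs. The following Python script is an added example, not code from the report or from Kaspersky: it scans constructed proxy log lines, decodes any base64 POST body, and flags bodies that carry at least two of the three host-fingerprint fields the report mentions, noting a curl user agent as supporting evidence. The log format, the field names inside the beacon (id=, name=, serial=) and all sample values are assumptions made up for the example; the real layout is not described in the report.

```python
import base64
import binascii
import re
import shlex

# Indicator categories drawn from the reported beacon contents: a system
# identifier, a computer name and a hard-drive serial number. The key names
# below are assumptions; the report does not describe the real field layout.
INDICATORS = {
    "system_id": re.compile(r"\b(id|uid|guid)=", re.I),
    "computer_name": re.compile(r"\b(name|host|hostname|computername)=", re.I),
    "drive_serial": re.compile(r"\b(serial|hdd|diskserial)=", re.I),
}


def _b64(text):
    """Helper used only to build the constructed sample log below."""
    return base64.b64encode(text.encode()).decode()


# Constructed beacon body with a hypothetical field layout.
FINGERPRINT = "id=4421;name=WS-17;serial=WD-WCC1234567"

# Constructed proxy log: timestamp, client IP, quoted user agent, method,
# URL, POST body ("-" when there is none). Addresses are TEST-NET ranges.
SAMPLE_LOG = "\n".join([
    '2019-11-08T10:00:01Z 10.0.0.5 "Mozilla/5.0" GET http://intranet.example/index.html -',
    '2019-11-08T10:00:07Z 10.0.0.5 "curl/7.64.0" POST http://198.51.100.23/update.php ' + _b64(FINGERPRINT),
    '2019-11-08T10:00:09Z 10.0.0.9 "curl/7.64.0" POST http://cdn.example/metrics ' + _b64("name=report.pdf"),
    '2019-11-08T10:00:12Z 10.0.0.7 "Mozilla/5.0" POST http://intranet.example/form a=1&b=2',
])


def try_decode_base64(body):
    """Return decoded text if body is strict base64 holding printable ASCII, else None."""
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def classify_line(line):
    """Return a finding dict for a suspicious beacon-like POST, or None."""
    parts = shlex.split(line)
    if len(parts) != 6:
        return None  # malformed line; ignore rather than guess
    _ts, client, user_agent, method, url, body = parts
    if method != "POST" or body == "-":
        return None
    decoded = try_decode_base64(body)
    if decoded is None:
        return None
    matched = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    # Require two independent fingerprint fields to keep single-field
    # form posts (e.g. a file name) from raising an alert.
    if len(matched) < 2:
        return None
    reasons = ["base64 body carries host fingerprint fields: " + ", ".join(matched)]
    if user_agent.lower().startswith("curl/"):
        reasons.append("user agent is curl, matching the reported C&C transport")
    return {"client": client, "url": url, "decoded": decoded, "reasons": reasons}


def scan_log(text):
    """Scan a whole log and return the list of findings with line numbers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        hit = classify_line(line)
        if hit:
            hit["line"] = lineno
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['url']}")
        print(f"  decoded: {hit['decoded']}")
        for reason in hit["reasons"]:
            print(f"  - {reason}")
```

Only the second line is flagged: the third line decodes to a single `name=` field and stays below the two-field threshold, and the fourth is not valid base64 at all. In a real deployment the field names would be replaced with patterns taken from actual captured beacons, and the curl user agent should be treated as corroboration rather than a signal on its own, since plenty of legitimate automation uses it.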
Among the main functions of this Trojan are:
Reading any system file
Sending any file from the system to C&C
Delivery and execution of any file
Updater tool
In addition, this Trojan has an ‘interactive mode’ that allows attackers to receive input from console programs and send the output to the C&C.
According to specialists from the International Institute of Cyber Security (IICS), there is still no evidence of this Trojan’s activity in the wild, although the fact that it is available on the dark web makes an attack very likely in the near future.