Titanium Backdoor Uses Multi-Stage Process to Target Asia-Pacific’s Users

According to a recent report, security researchers have discovered a new threat targeting South and Southeast Asia. The group behind the campaign is Platinum, an Advanced Persistent Threat (APT) actor, which is using a Trojan named Titanium for malicious purposes. Researchers describe Titanium as a powerful backdoor that is delivered as the final payload of a multi-stage infection process. The new backdoor is being used against victims in Malaysia, Indonesia and Vietnam. Let's discuss this malware attack in detail.

Platinum hacker group develops Titanium backdoor malware: multi-stage infection

According to security experts, Titanium is a backdoor packaged as a self-extracting (SFX) archive and delivered as the final payload of a multi-stage infection process that includes steganographically hidden data. Splitting the infection into stages, with each stage hidden inside otherwise innocuous data, helps the malware evade detection by even advanced security solutions.

For those who are not aware, Platinum is a well-known cybercriminal group that began its activities in 2009, although Microsoft researchers believe it may have been active for several years prior. Platinum mainly targets high-profile organizations, including military, government and political sectors, in the Asia-Pacific (APAC) region. The group has recently used infiltration techniques such as steganography, fileless infection, zero-day exploits and spear-phishing attacks for its malware.

Platinum hacker group uses the multi-stage functionality of the Titanium backdoor

Researchers further explained that the group behind the Titanium backdoor uses a multi-stage infection chain to compromise its victims. In the first stage, the malware connects to a hardcoded command and control (C2) server that serves the next payloads. The next-stage downloader is a self-extracting or self-executing DLL that fetches executable code from URLs. That file is packaged as an SFX archive protected by the password "Titanium".
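A practical triage step for a defender handling samples like the one described above is to check whether an executable carries an embedded (and possibly password-protected) archive, since a password-protected SFX payload is exactly what evades naive scanners. The following is an added example, not code from the original article or from the researchers' report: it scans a byte blob that starts with an MZ header for embedded ZIP local-file headers and 7z signatures, and reads the ZIP general-purpose flag (bit 0) to tell whether the entry is encrypted. The `build_sample_sfx` helper constructs a fake sample (a dummy MZ stub followed by a hand-built ZIP local header) so the script runs offline; the stub is not a real PE and the filename `payload.dll` is a constructed placeholder.

```python
import struct

# Magic bytes for the two archive formats commonly used by SFX stubs.
ZIP_LOCAL_SIG = b"PK\x03\x04"          # ZIP local file header
SEVENZ_SIG = b"7z\xbc\xaf\x27\x1c"     # 7-Zip archive header

# ZIP local file header layout after the 4-byte signature:
# version(2) flags(2) method(2) mtime(2) mdate(2) crc(4)
# csize(4) usize(4) namelen(2) extralen(2)  -> 26 bytes
ZIP_LOCAL_FMT = "<HHHHHIIIHH"


def find_embedded_archives(blob: bytes) -> list:
    """Return a list of archive signatures found inside an MZ-prefixed blob.

    Each hit is a dict with the archive type, its byte offset and, for ZIP
    entries, whether the general-purpose flag marks the entry as encrypted
    (i.e. password-protected).  7z encryption is not stored in the header,
    so 'encrypted' is None for 7z hits.
    """
    hits = []
    if not blob.startswith(b"MZ"):
        return hits  # only interested in executables carrying archives

    pos = blob.find(ZIP_LOCAL_SIG)
    while pos != -1:
        end = pos + 4 + struct.calcsize(ZIP_LOCAL_FMT)
        if end <= len(blob):
            fields = struct.unpack_from(ZIP_LOCAL_FMT, blob, pos + 4)
            flags = fields[1]
            name_len = fields[8]
            name = blob[end:end + name_len].decode("latin-1", "replace")
            hits.append({
                "type": "zip",
                "offset": pos,
                "encrypted": bool(flags & 0x0001),
                "name": name,
            })
        pos = blob.find(ZIP_LOCAL_SIG, pos + 1)

    pos = blob.find(SEVENZ_SIG)
    while pos != -1:
        hits.append({"type": "7z", "offset": pos, "encrypted": None, "name": ""})
        pos = blob.find(SEVENZ_SIG, pos + 1)

    return sorted(hits, key=lambda h: h["offset"])


def triage_verdict(blob: bytes) -> str:
    """Summarise the finding for an analyst queue."""
    hits = find_embedded_archives(blob)
    if not hits:
        return "no-embedded-archive"
    if any(h["encrypted"] for h in hits):
        return "encrypted-sfx"   # worth a closer look: payload hidden from AV
    return "plain-sfx"


def build_sample_sfx(payload: bytes, encrypted: bool, name: bytes = b"payload.dll") -> bytes:
    """Construct a fake SFX-like blob for offline testing (not a real PE)."""
    stub = b"MZ" + b"\x00" * 62 + b"STUB"   # 68-byte dummy executable stub
    flags = 0x0001 if encrypted else 0x0000
    header = ZIP_LOCAL_SIG + struct.pack(
        ZIP_LOCAL_FMT,
        20, flags, 0, 0, 0, 0, len(payload), len(payload), len(name), 0,
    ) + name
    return stub + header + payload


if __name__ == "__main__":
    sample = build_sample_sfx(b"x" * 16, encrypted=True)
    for hit in find_embedded_archives(sample):
        print(hit)
    print(triage_verdict(sample))
```

Run it against a real suspect file by replacing the constructed sample with `open(path, "rb").read()`; an `encrypted-sfx` verdict on an executable that has no business carrying a password-protected archive is a strong signal to escalate the sample for sandboxing.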

The main goal of the Platinum group at this point of the attack is to install a new task that makes the infection persistent on the host computer. Finally, the Titanium Trojan itself is downloaded. Once installed, the malware lets the attackers identify the infected system, collecting the system ID, computer name and hard drive serial numbers, and it also gives them access to the victim's personal files and folders. Strong security software is therefore needed to detect and remove such malware.
