Malware, Application security, Threat Management
New Titan Stealer malware examined
Threat actors have been leveraging Telegram to promote the new Titan Stealer information-stealing malware, which targets Windows machines to exfiltrate browser and cryptocurrency wallet data, reports The Hacker News.
Titan Stealer, based on the Golang programming language, uses process hollowing to facilitate malicious payload injections into the AppLaunch.exe process memory, a report from Uptycs showed. Both Uptycs and Cyble reported that Titan Stealer targets Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Yandex, Vivaldi, Iridium Browser, and 7 Star Browser, as well as the Ethereum, Edge Wallet, Exodus, Atomic, Armory, Bytecoin, Jaxx Liberty, Guarda, and Zcash cryptocurrency wallets.
The malware can also capture the list of installed applications and data related to the Telegram desktop app, and it sends the exfiltrated data to a remote server.
"One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS," said Cyble researchers.