As technology evolves with each passing day, hackers are also finding ways to discover backdoors for hacking. One such attempt was made by the world’s most advanced hacking group. Kaspersky Lab security researchers discovered a new backdoor dubbed Titanium.
This malware is the final payload, and it uses tricks to deceive the antivirus protection installed on a system. These tricks include mimicking the device’s drivers, encryption, and memory-only infections. The hackers also deliver hidden data using steganography in a PNG image.
The name of this backdoor is taken from a password. Titanium is inherited from Platinum, a hacking group that hacks systems in the Asia-Pacific region. These hackers are ethical and work in favor of the nation.
Kaspersky Lab researchers have written that “The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and file-less technologies. One other feature that makes detection harder is the mimicking of well-known software.”
In the beginning, many methods were tried to test Titanium and spread it among the local computers under test. The first is an intranet connection that is already infected with certain malware. The second is an SFX archive containing a Windows installation task. The third is shellcode that is processed through the winlogon.exe process.
In conclusion, the results are as follows:
- It can read any file stored on the local system.
- It can send files to the server controlled by the attackers.
- It can drop any external file on the system.
- It can delete a file from the system.
- It can run any external file on the system.
- It can update configuration parameters.
Platinum, the most popular and worldwide recognized hacking group, has been operating since 2009, according to the report published by Microsoft. Initially, the idea behind the creation of this group was to protect the intellectual property related to the nation’s interests. Platinum relies on spear-phishing and zero-day exploits.
Kaspersky Lab has stated that so far no activity related to Titanium has been detected. It is not yet known whether the reason is that the malware is not working properly or that infected computers are difficult to find.