Titanium (malware): Difference between revisions

From Wikipedia, the free encyclopedia
No edit summary
Tags: Mobile edit Mobile app edit Android app edit
Rescuing 2 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (Eastmain - 14200
 
(9 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{short description|advanced Backdoor Advanced persistent threat, developed by PLATINUM}}
{{Short description|Advanced Backdoor Advanced persistent threat, developed by PLATINUM}}
{{use dmy dates |date=November 2019}}
{{use dmy dates |date=November 2019}}
{{About|computer malware|other uses|Titanium (disambiguation)}}
{{About|computer malware|other uses|Titanium (disambiguation)}}
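Review bot: The new short description still reads "Advanced Backdoor Advanced persistent threat, developed by PLATINUM": only the template name was capitalised, so the mid-phrase capital on "Backdoor", the repeated "Advanced" and the two noun phrases run together are all still there. Suggest a single plain phrase that says what the article covers, for example "Backdoor malware developed by PLATINUM".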
Line 23: Line 23:
}}
}}


'''Titanium''' is a very advanced and insidious [[Backdoor (computing)|backdoor]] [[malware]] [[Advanced persistent threat|APT]], developed by [[PLATINUM (cybercrime group)|PLATINUM]], a [[cybercrime]] collective. The malware was uncovered by [[Kaspersky Lab]] and reported on 8 November 2019.<ref name="KAS-20191108">{{cite news |author=AMR (Anti-Malware Research), GReAT (Global Research & Analysis Team) |title=Titanium: the Platinum group strikes again |url=https://securelist.com/titanium-the-platinum-group-strikes-again/94961/ |date=8 November 2019 |work=[[Kaspersky Lab]] |accessdate=9November 2019 }}</ref><ref name="GSM-20191108">{{cite news |author=Staff |title=Kaspersky identifies new Titanium backdoor used for attacks by notorious Platinum group in APAC region |url=http://www.globalsecuritymag.com/Kaspersky-identifies-new-Titanium,20191108,92551.html |date=November 2019 |work=Global Security Mag Online |accessdate=9 November 2019 }}</ref><ref name="AT-20191108">{{cite news |last=Goodin |first=Dan |title=One of the world’s most advanced hacking groups debuts new Titanium backdoor - Malware hides at every step by mimicking common software in long multi-stage execution. |url=https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/ |date=8 November 2019 |work=[[Ars Technica]] |accessdate=9 November 2019 }}</ref><ref name="TP-20191108">{{cite news |last=Seals |first=Tara |title=Platinum APT Shines Up New Titanium Backdoor |url=https://threatpost.com/platinum-apt-titanium-backdoor/150062/ |date=8 November 2019 |work=ThreatPost.com |accessdate=9 November 2019 }}</ref><ref name="ZDN-20191108">{{cite news |last=Osborne |first=Charlie |title=Platinum APT’s new Titanium backdoor mimics popular PC software to stay hidden - The group uses encryption, fileless technologies, and mimicry to stay under the radar. 
|url=https://www.zdnet.com/article/platinum-apts-new-titanium-backdoor-mimics-popular-pc-software-to-stay-hidden/ |date=8 November 2019 |work=[[ZDNet]] |accessdate=9 November 2019 }}</ref><ref name="MV-20191108">{{cite news |last=Ewell |first=Pauline |title=Platinum APT Shines Up New Titanium Backdoor |url=http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/ |date=8 November 2019 |work=MashViral.com |accessdate=9 November 2019 }}</ref><ref name="TD-20191109">{{cite news |last=Immanni |first=Manikanta |title=Platinum APT Finds New Backdoor named Titanium. Sneaks Cleverly to Steal Info. |url=https://techdator.net/platinum-apt-finds-new-backdoor-named-titanium-sneaks-cleverly-to-steal-info/ |date=9 November 2019 |work=TechDator.net |accessdate=9 November 2019 }}</ref><ref name="MRB-20191109">{{ cite news |author=Staff |title='Platinum' Hacking Group Strikes Once more With Complicated Titanium Backdoor To Home windows |url=https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/ |date=9 November 2019 |work=MarketResearchBase.com |accessdate=9 November 2019 }}</ref> According to ''Global Security Mag'', "Titanium APT includes a complex sequence of dropping, downloading and installing stages, with deployment of a Trojan-backdoor at the final stage."<ref name="GSM-20191108" /> Much of the sequence is hidden from detection in a sophisticated manner, including by hiding data [[Steganography|steganographically]] in a [[Portable Network Graphics|PNG image]].<ref name="AT-20191108" /> In their announcement report, Kaspersky Lab concluded: "The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. 
One other feature that makes detection harder is the mimicking of well-known software. Regarding campaign activity, we have not detected any current activity [as of 8 November 2019] related to the Titanium APT."<ref name="KAS-20191108" />
'''Titanium''' is a very advanced [[Backdoor (computing)|backdoor]] [[malware]] [[Advanced persistent threat|APT]], developed by [[PLATINUM (cybercrime group)|PLATINUM]], a [[cybercrime]] collective. The malware was uncovered by [[Kaspersky Lab]] and reported on 8 November 2019.<ref name="KAS-20191108">{{cite news |author=AMR (Anti-Malware Research), GReAT (Global Research & Analysis Team) |title=Titanium: the Platinum group strikes again |url=https://securelist.com/titanium-the-platinum-group-strikes-again/94961/ |date=8 November 2019 |work=[[Kaspersky Lab]] |access-date=9 November 2019 }}</ref><ref name="GSM-20191108">{{cite news |author=Staff |title=Kaspersky identifies new Titanium backdoor used for attacks by notorious Platinum group in APAC region |url=http://www.globalsecuritymag.com/Kaspersky-identifies-new-Titanium,20191108,92551.html |date=November 2019 |work=Global Security Mag Online |access-date=9 November 2019 }}</ref><ref name="AT-20191108">{{cite news |last=Goodin |first=Dan |title=One of the world's most advanced hacking groups debuts new Titanium backdoor - Malware hides at every step by mimicking common software in long multi-stage execution. |url=https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/ |date=8 November 2019 |work=[[Ars Technica]] |access-date=9 November 2019 }}</ref><ref name="TP-20191108">{{cite news |last=Seals |first=Tara |title=Platinum APT Shines Up New Titanium Backdoor |url=https://threatpost.com/platinum-apt-titanium-backdoor/150062/ |date=8 November 2019 |work=ThreatPost.com |access-date=9 November 2019 }}</ref><ref name="ZDN-20191108">{{cite news |last=Osborne |first=Charlie |title=Platinum APT's new Titanium backdoor mimics popular PC software to stay hidden - The group uses encryption, fileless technologies, and mimicry to stay under the radar. 
|url=https://www.zdnet.com/article/platinum-apts-new-titanium-backdoor-mimics-popular-pc-software-to-stay-hidden/ |date=8 November 2019 |work=[[ZDNet]] |access-date=9 November 2019 }}</ref><ref name="MV-20191108">{{cite news |last=Ewell |first=Pauline |title=Platinum APT Shines Up New Titanium Backdoor |url=http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/ |date=8 November 2019 |work=MashViral.com |access-date=9 November 2019 |archive-date=9 November 2019 |archive-url=https://web.archive.org/web/20191109155017/http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/ |url-status=dead }}</ref><ref name="MRB-20191109">{{cite news |author=Staff |title='Platinum' Hacking Group Strikes Once more With Complicated Titanium Backdoor To Home windows |url=https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/ |date=9 November 2019 |work=MarketResearchBase.com |access-date=9 November 2019 |archive-date=9 November 2019 |archive-url=https://web.archive.org/web/20191109181802/https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/ |url-status=dead }}</ref> According to ''Global Security Mag'', "Titanium APT includes a complex sequence of dropping, downloading and installing stages, with deployment of a Trojan-backdoor at the final stage."<ref name="GSM-20191108" /> Much of the sequence is hidden from detection in a sophisticated manner, including hiding data [[Steganography|steganographically]] in a [[Portable Network Graphics|PNG image]].<ref name="AT-20191108" /> In their announcement report, Kaspersky Lab concluded: "The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. 
In addition, none of the files in the file system can be detected as malicious due to the use of encryption and [[Fileless malware|fileless]] technologies. One other feature that makes detection harder is the mimicking of well-known software. Regarding campaign activity, we have not detected any current activity [as of 8 November 2019] related to the Titanium APT."<ref name="KAS-20191108" />


==See also==
==See also==
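Review bot: The opening statement that the malware was reported on 8 November 2019 still carries seven stacked refs after this change. Two of them (ThreatPost and MashViral) have the identical title "Platinum APT Shines Up New Titanium Backdoor", and the MashViral and MarketResearchBase entries are now marked url-status=dead. Suggest keeping the Kaspersky Lab report plus one or two of the independent write-ups and dropping the rest, as was done here for the TechDator ref. The Global Security Mag cite also has date=November 2019 with no day, although its URL contains 20191108.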
Line 40: Line 40:
[[Category:Cybercrime]]
[[Category:Cybercrime]]
[[Category:Hacking in the 2010s]]
[[Category:Hacking in the 2010s]]
[[Category:2019 in computer science]]
[[Category:2019 in computing]]

Latest revision as of 05:56, 31 July 2023

Titanium
Classification: Computer trojan
Authors: PLATINUM

Titanium is a very advanced backdoor malware APT, developed by PLATINUM, a cybercrime collective. The malware was uncovered by Kaspersky Lab and reported on 8 November 2019.[1][2][3][4][5][6][7] According to Global Security Mag, "Titanium APT includes a complex sequence of dropping, downloading and installing stages, with deployment of a Trojan-backdoor at the final stage."[2] Much of the sequence is hidden from detection in a sophisticated manner, including hiding data steganographically in a PNG image.[3] In their announcement report, Kaspersky Lab concluded: "The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. One other feature that makes detection harder is the mimicking of well-known software. Regarding campaign activity, we have not detected any current activity [as of 8 November 2019] related to the Titanium APT."[1]

See also

References

  1. AMR (Anti-Malware Research), GReAT (Global Research & Analysis Team) (8 November 2019). "Titanium: the Platinum group strikes again". Kaspersky Lab. Retrieved 9 November 2019.
  2. Staff (November 2019). "Kaspersky identifies new Titanium backdoor used for attacks by notorious Platinum group in APAC region". Global Security Mag Online. Retrieved 9 November 2019.
  3. Goodin, Dan (8 November 2019). "One of the world's most advanced hacking groups debuts new Titanium backdoor - Malware hides at every step by mimicking common software in long multi-stage execution". Ars Technica. Retrieved 9 November 2019.
  4. Seals, Tara (8 November 2019). "Platinum APT Shines Up New Titanium Backdoor". ThreatPost.com. Retrieved 9 November 2019.
  5. Osborne, Charlie (8 November 2019). "Platinum APT's new Titanium backdoor mimics popular PC software to stay hidden - The group uses encryption, fileless technologies, and mimicry to stay under the radar". ZDNet. Retrieved 9 November 2019.
  6. Ewell, Pauline (8 November 2019). "Platinum APT Shines Up New Titanium Backdoor". MashViral.com. Archived from the original on 9 November 2019. Retrieved 9 November 2019.
  7. Staff (9 November 2019). "'Platinum' Hacking Group Strikes Once more With Complicated Titanium Backdoor To Home windows". MarketResearchBase.com. Archived from the original on 9 November 2019. Retrieved 9 November 2019.