Platinum, the notorious Advanced Persistent Threat (APT) group, has deployed a new backdoor trojan named Titanium that is capable of taking complete control of a target’s PC.
As reported by the Kaspersky Lab researchers, Titanium is capable of hiding in plain sight by disguising itself as a DVD burner software, sound driver, or even security software.
Platinum, which the researchers track as TwoForOne, has been active for roughly ten years, infiltrating government bodies, defense institutions, telecommunications companies and intelligence agencies, chiefly in South and Southeast Asia.
According to the researchers, Titanium involves “a complex sequence of dropping, downloading and installing stages, with the deployment of a Trojan-backdoor as the final step.”
To evade security software, Titanium uses tricks such as encryption, camouflage as essential drivers, and steganographic delivery of data hidden inside PNG images.
Once the trojan has infected a system, it fetches the files needed for its final payload using the Windows Background Intelligent Transfer Service (BITS). The Titanium trojan then communicates with its command-and-control (C2) server using the cURL tool.
To start the command stream from the server, Titanium sends “a base64-encoded request that contains a unique SystemID, computer name, and hard disk serial number.” Once the connection is established, it begins receiving commands.
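Because the downloader stage described above abuses BITS, a defender's first check is to see what BITS has actually transferred on a suspect host. The following PowerShell is an added hunting example and is not code from Kaspersky's report or from the malware; it assumes the BITS-Client operational log is enabled (it is by default on modern Windows), that event ID 59 is the "transfer job started" event carrying the remote URL, and, as a tuning assumption, that legitimate update traffic in the environment uses hostnames rather than raw IP addresses.

```powershell
# Added hunting check (not from Kaspersky's report): enumerate BITS transfer jobs
# and recent BITS-Client events so an analyst can review what was pulled via BITS.
# Run from an elevated PowerShell prompt; -AllUsers requires administrator rights.
Import-Module BitsTransfer

# 1. Active and queued BITS jobs for every user, with their remote URLs.
Get-BitsTransfer -AllUsers |
    Select-Object JobId, DisplayName, OwnerAccount, JobState, CreationTime,
        @{ Name = 'RemoteUrls'; Expression = { ($_.FileList | ForEach-Object RemoteName) -join '; ' } } |
    Format-Table -AutoSize

# 2. BITS job history from the operational log. Event ID 59 (assumed here to be the
#    "BITS started the transfer job" event) records the URL, so the evidence survives
#    even after the job itself has completed and been deleted.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Bits-Client/Operational'
    Id      = 59
} -MaxEvents 500 -ErrorAction SilentlyContinue

# 3. Flag downloads from raw IP addresses, a common sign of attacker infrastructure.
#    Assumption: legitimate update traffic in this environment uses hostnames, so
#    anything fetched from a bare IPv4 address deserves a closer look.
$events |
    ForEach-Object {
        $url = $_.Properties |
            ForEach-Object Value |
            Where-Object { $_ -is [string] -and $_ -match '^https?://' } |
            Select-Object -First 1
        [pscustomobject]@{ Time = $_.TimeCreated; Url = $url }
    } |
    Where-Object { $_.Url -match '^https?://\d{1,3}(\.\d{1,3}){3}' } |
    Format-Table -AutoSize
```

Jobs that belong to SYSTEM or a service account, carry a blank or generic display name, and point at an unfamiliar host are the ones to pull artifacts for; compare the listed URLs against proxy logs, since BITS traffic carries its own user agent and is easy to miss in alerting tuned for browser activity.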
Some of the tasks that the trojan can accomplish are:
Kaspersky researchers say they have not yet detected any current activity related to the Titanium trojan. But it could still be out there, since the backdoor is hard to detect owing to its fileless techniques and its use of encryption.