A new variant for the Typhon stealer has recently emerged

November 18, 2022

The Typhon stealer operators have unveiled a new malware variant with modified and improved capabilities. The new malware variant is called Typhon Reborn, which has an upgraded anti-analysis feature and several new techniques.

According to investigations, the newly emerged variant has improved stealing and file-grabbing functions, with more configurable options than its previous version.

The new Typhon stealer variant can function as a browser-extension stealer.

Based on reports, the new version of Typhon stealer can function as a crypto-extension stealer for browsers such as MS Edge and Google Chrome, targeting extensions for numerous cryptocurrency platforms such as BitApp, Coin98, and Binance.

The malware could also target the MS Edge web browser extensions for Rabet, Yoroi, and Metamask wallets. Additionally, it could gather additional victim information such as OS data, wireless networking passwords, machine usernames, and AV details.

Typhon Reborn can use the Telegram API and infrastructure to exfiltrate stolen information. However, the most concerning part of this upgraded malware is its improved anti-analysis feature, which performs several checks to evade security detection.

It includes a new method called MeltSelf that terminates the threat's process, stops execution, and removes the malware from disk when certain conditions in its code are met.

The conditions that trigger the MeltSelf feature include debugging arguments, the presence of debuggers, the size of the physical disk, and widely known “blocklisting.” In addition, the new version checks for popular sandbox usernames and performs virtual machine detection.

It also checks the victim's country code and stops execution if the infected device is located in a nation that is part of the Commonwealth of Independent States (CIS).
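Two of the behaviours described above, Telegram API exfiltration and MeltSelf-style self-removal, leave traces a defender can hunt for in endpoint telemetry. The following is an added example, not code from the original article or from the malware; the event format, every sample line, the allow-list of processes expected to talk to Telegram, and the use of api.telegram.org as the Telegram Bot API host are all assumptions made for this illustration.

```python
"""Hunt endpoint telemetry for two Typhon Reborn behaviours: exfiltration through
the Telegram API and MeltSelf-style deletion of the malware's own executable.
The event format and all sample lines below are constructed for this example."""
import json

# Assumption: Telegram's Bot API host; the article only says "Telegram API".
TELEGRAM_API_HOST = "api.telegram.org"
# Assumed allow-list: processes for which Telegram traffic is expected.
EXPECTED_TELEGRAM_IMAGES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry, one JSON object per line (raw string keeps the
# doubled backslashes that JSON needs for Windows paths).
SAMPLE_EVENTS = r"""
{"ts": 1, "pid": 4312, "type": "process_start", "image": "C:\\Users\\v\\AppData\\Local\\Temp\\svc_update.exe"}
{"ts": 2, "pid": 4312, "type": "net_connect", "host": "api.telegram.org", "port": 443}
{"ts": 3, "pid": 4312, "type": "file_delete", "path": "C:\\Users\\v\\AppData\\Local\\Temp\\svc_update.exe"}
{"ts": 4, "pid": 880, "type": "process_start", "image": "C:\\Program Files\\Telegram\\telegram.exe"}
{"ts": 5, "pid": 880, "type": "net_connect", "host": "api.telegram.org", "port": 443}
"""


def hunt(events_text: str) -> list[str]:
    """Return one finding per suspicious behaviour, in event order."""
    image_of: dict[int, str] = {}   # pid -> executable image recorded at start
    findings: list[str] = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid, kind = ev["pid"], ev["type"]
        if kind == "process_start":
            image_of[pid] = ev["image"]
        elif kind == "net_connect" and ev["host"].lower() == TELEGRAM_API_HOST:
            image = image_of.get(pid, "<unknown>")
            basename = image.rsplit("\\", 1)[-1].lower()
            if basename not in EXPECTED_TELEGRAM_IMAGES:
                findings.append(f"pid {pid} ({image}) contacted {TELEGRAM_API_HOST}: "
                                "possible Telegram-API exfiltration")
        elif kind == "file_delete" and ev["path"].lower() == image_of.get(pid, "").lower():
            # A process unlinking its own image matches the MeltSelf behaviour.
            findings.append(f"pid {pid} deleted its own executable {ev['path']}: "
                            "MeltSelf-style self-removal")
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The legitimate Telegram client (pid 880) produces no finding, while the temp-directory process produces one finding for each behaviour.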

Typhon stealer's Typhon Reborn variant has new features and fortified techniques, implying that its authors are putting considerable effort into making their malware more threatening. The improved evasion strategy and the additional cryptocurrency browser-extension targets make it an attractive new weapon for other threat groups.

Therefore, cybersecurity experts expect that the usage of this newly upgraded stealer malware could drastically increase within the cybercriminal landscape.
