Titan Stealer, the latest addition to Golang-based infostealers

February 1, 2023

Threat actors now offer a new Golang-based information stealer called Titan Stealer on a Telegram channel. Reports revealed that this newly emerged infostealer could steal information from compromised Windows devices, such as saved data from browsers and cryptocurrency wallets.

Other investigations revealed that this infostealer could harvest FTP client details and critical files, take screenshots, and gather system information.

 

Threat actors advertised the Titan Stealer as a builder.

 

The authors of Titan Stealer offered their product as a builder. This allows their customers to customize the malware binary, including its functionality and the type of information they want to collect from a targeted device.

This infostealer also employs a technique called process hollowing to inject the malicious payload into the memory of a legitimate process upon execution. Researchers said that the legitimate process compromised by the malware is called AppLaunch[.]exe.

Some of the well-known internet browsers targeted by this newly emerged infostealer include Yandex, Opera, Brave, Microsoft Edge, Vivaldi, 7 Star Browser, Mozilla Firefox, Iridium Browser, Google Chrome, and others.

Titan Stealer has also targeted popular crypto wallets such as Bytecoin, Coinomi, Edge Wallet, Guarda, Jaxx Liberty, Atomic, Ethereum, Exodus, Zcash, and Armory. This malware could gather the list of installed apps on the infected host and capture data related to the Telegram desktop application.

The collected information is transferred to a remote server controlled by the actors. The malware comes with a web panel that allows attackers to access the stolen data.
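For defenders, the two behaviours described above (a payload hollowed into AppLaunch.exe, then data sent to a remote server) can be correlated in endpoint telemetry. The following is an added example, not code from the original article or from the researchers: it assumes Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records in time order, uses constructed sample events, and treats "parent runs from a user-writable directory" as a hypothetical heuristic.

```python
import ntpath

TARGET = "applaunch.exe"  # hollowing host process named in the article
# Assumption: a parent image under these locations is treated as suspect.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

NET_DIR = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\"
# Constructed events using Sysmon field names; every value is made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 5232, "Image": NET_DIR + "AppLaunch.exe",
     "ParentImage": "C:\\Users\\bob\\Downloads\\setup.exe"},
    {"EventID": 1, "ProcessId": 6010, "Image": NET_DIR + "AppLaunch.exe",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
    {"EventID": 3, "ProcessId": 7001, "Image": "C:\\Program Files\\App\\app.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 6010, "Image": NET_DIR + "AppLaunch.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 5232, "Image": NET_DIR + "AppLaunch.exe",
     "DestinationIp": "203.0.113.45", "DestinationPort": 443},
]

def suspect_parent(path):
    """True if the parent image lives in a user-writable location."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)

def find_hollowing_candidates(events):
    """Return {pid: finding} for AppLaunch.exe processes worth triaging.

    medium: AppLaunch.exe started by a parent in a user-writable path.
    high:   that same process later opens a network connection.
    PID reuse is ignored to keep the example short.
    """
    findings = {}
    for ev in events:
        # ntpath parses Windows paths correctly on any analysis host.
        if ntpath.basename(ev["Image"]).lower() != TARGET:
            continue
        pid = ev["ProcessId"]
        if ev["EventID"] == 1 and suspect_parent(ev["ParentImage"]):
            findings[pid] = {"parent": ev["ParentImage"],
                             "connections": [], "severity": "medium"}
        elif ev["EventID"] == 3 and pid in findings:
            dest = (ev["DestinationIp"], ev["DestinationPort"])
            findings[pid]["connections"].append(dest)
            findings[pid]["severity"] = "high"
    return findings

if __name__ == "__main__":
    for pid, finding in find_hollowing_candidates(SAMPLE_EVENTS).items():
        print(pid, finding)
```

A hit is a triage lead rather than proof of hollowing; confirming it requires comparing the process's in-memory image with the file on disk.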

Currently, exactly how the malware spreads is still a mystery. Researchers believe that threat operators have used different methods, such as phishing, malicious advertisements, and pirated software.

Some analysts claimed that the threat actors used the Go language as the base for their malware since it could enable them to develop cross-platform malware that could operate on several operating systems like Linux, iOS, and Windows.

This discovery was made by researchers a couple of months after another Go-based malware called Aurora Stealer became a well-known infostealer.
