
Understanding the Threat of Titan Stealer Malware

Titan Stealer is a new type of information-stealing malware observed among threat actors worldwide.

The stealer is written in Golang, and cybercriminals can create a customized version of its executable, capable of stealing sensitive information from infected Windows machines.

Table of Contents
  • What is Titan Stealer Malware?
  • How Does Titan Stealer Work?
  • What Data Can Titan Stealer Steal?
  • Who is at Risk?
  • KillNet usage of Titan Stealer
  • A concerning shift
  • Titan Stealer Pricing Structure
  • Hunting Titan Stealer
  • Conclusion
What is Titan Stealer Malware?
Titan Stealer is a type of malware that can steal sensitive information from infected Windows machines.

The Login Panel of Titan Stealer
It is created using a programming language called Golang and is being used by cybercriminals to steal data from victims.

The malware’s panel has a “Builder” page that allows cybercriminals to create customized versions of the executable file to steal sensitive data using the victim’s domain name.


The executable file is compiled with a user-specified build ID and file extensions. This allows the malware to grab sensitive information such as passwords, browsing history, and more from the victim’s computer.

How Does Titan Stealer Work?
Titan Stealer malware steals sensitive information by accessing the “User Data” folder of various browsers.

This folder contains data like passwords, browsing history, autofill, and more. The malware spreads through methods like phishing, malicious ads, and cracked software.


It also uses a technique called process hollowing to inject the malicious code into a legitimate process called AppLaunch.exe.
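
As an added example (not from the original post or the hunting guide it cites), this Python code shows one way defenders could flag the behaviour described above: a non-browser process, and AppLaunch.exe in particular, opening credential files under a browser's "User Data" folder. The events are constructed, and the event field names, the browser allowlist and the file-to-data-type mapping are assumptions.

```python
import ntpath  # parses Windows paths correctly on any OS

# Chromium profile files behind the data types named above (assumed mapping).
SENSITIVE_FILES = {"login data": "passwords", "history": "browsing history",
                   "web data": "autofill"}
# Executables expected to open their own profile (assumed, not exhaustive).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
HOLLOWING_HOST = "applaunch.exe"  # process the article says is hollowed
NET = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319"
LOCAL = r"C:\Users\alice\AppData\Local"
# Constructed file-access events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": LOCAL + r"\Google\Chrome\User Data\Default\Login Data"},
    {"image": NET + r"\AppLaunch.exe",
     "target": LOCAL + r"\Google\Chrome\User Data\Default\Login Data"},
    {"image": NET + r"\AppLaunch.exe",
     "target": LOCAL + r"\Microsoft\Edge\User Data\Default\Web Data"},
    {"image": r"C:\Users\alice\Downloads\setup.exe",
     "target": LOCAL + r"\BraveSoftware\Brave-Browser\User Data\Default\History"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

def classify(event):
    """Return (severity, data_type) for a suspicious access, else None."""
    target = event["target"].lower()
    if "\\user data\\" not in target:
        return None
    data_type = SENSITIVE_FILES.get(ntpath.basename(target))
    if data_type is None:
        return None
    image = ntpath.basename(event["image"]).lower()
    if image in BROWSER_IMAGES:
        return None  # browser reading a profile; cross-browser reads not checked
    # AppLaunch.exe is the hollowing host named in the article, so rank it higher.
    return ("high" if image == HOLLOWING_HOST else "medium"), data_type

def hunt(events):
    """Return (process name, severity, data type) for each flagged event."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ntpath.basename(ev["image"]), *verdict))
    return hits

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Backup, sync and antivirus tools also read these files, so "medium" hits need an allowlist tuned to the environment before alerting.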

The Titan Stealer Project on Telegram

What Data Can Titan Stealer Steal?
The stealer can steal a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files.

One of the most concerning aspects of Titan Stealer malware is that it specifically targets popular web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others.


Additionally, crypto wallets like Armory, Atomic, Bytecoin, Coinomi, Edge Wallet, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash have also been targeted by this malware.

Who is at Risk?
The Titan Stealer malware is being marketed and sold by a threat actor through a Telegram channel for cybercrime purposes.

The malware is a cross-platform information stealer that targets Windows machines worldwide, posing a significant risk to organizations and individuals.

KillNet usage of Titan Stealer
Cybersecurity professionals are on high alert after Killnet, a notorious hacking group, announced on their Telegram channel that they intend to use the new Titan Stealer malware in their future attacks.

KillNet usage of Titan Stealer

A concerning shift
Killnet’s pro-Russia stance, coupled with its intention to use the Titan Stealer malware, has heightened the cybersecurity threat to organizations and individuals worldwide.

The malware’s information-stealing capabilities, combined with Killnet’s reputation for cyberattacks, make the group’s announcement a significant concern for cybersecurity professionals.

Titan Stealer Pricing Structure
In addition to the risks posed by Titan Stealer malware, the pricing structure used by cybercriminals to distribute this malware is also alarming.

According to a recent post on Telegram, cybercriminals are selling the malware for a monthly fee of $99, $169 for two months, and $249 for three months.

The affordability of these prices makes the malware accessible to a wide range of criminals.

Titan Stealer being sold for various prices
Hunting Titan Stealer
In response to the growing threat of Titan Stealer malware, cybersecurity researcher Will Thomas, known online as BushidoToken, has created a quick guide on how to hunt for this new type of information-stealing malware.

The guide is aimed at cybersecurity professionals and outlines various techniques and tools that can be used to identify and neutralize Titan Stealer malware. Joshua Penny actually validated on Twitter that the hunting guide is still working.

Titan Stealer on URLscan
Titan Stealer Quick Hunting

Shodan Dork
http.html:"Titan Stealer"
URLscan Query
Search for the Index.css file and the default port used on URLscan
https://urlscan.io/result/daca0fcd-bbc9-48c8-810d-89fee466b639
Search By Hashes (As shown by @Robemtnz)
Hunting for Titan Stealer on URLscan

Conclusion
Titan Stealer is a significant threat to cybersecurity, targeting organizations and individuals worldwide.


This post first appeared on EHackNews - The Hackers News.
