Kaspersky: Platinum (aka TwoForOne) has developed Titanium: a new backdoor, designed to infiltrate and take control of Windows systems. The malware is disguised as security solutions, sound drivers, or software commonly used to create DVDs
Platinum (aka TwoForOne) has developed Titanium: a new backdoor, designed to infiltrate and take control of Windows systems. It was discovered by Kaspersky cyber security experts. The malware hides in plain sight by camouflaging itself as security solutions, sound drivers, or software commonly used to create DVDs. The main targets of this campaign were located in South and Southeast Asia. They are mostly governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers in the APAC region. The Titanium APT includes a complex sequence of dropping, downloading and installing stages, with deployment of a Trojan-backdoor as the final step. Almost every level of the system mimics known software, such as security software, software for making DVD videos, sound drivers' software, etc.
The cyber security experts: The APT malware has a very complicated infiltration scheme and detection is hard
According to the cyber security experts, the default Titanium distribution consists of: an exploit capable of executing code as a SYSTEM user; a shellcode to download the next downloader; a downloader to download an SFX archive that contains a Windows task installation script; a password-protected SFX archive with a Trojan-backdoor installer; an installer script; a COM object DLL (a loader); and the Trojan-backdoor itself. Furthermore, Kaspersky believes that Platinum APT uses local intranet websites with malicious code to start spreading the malware. The infiltration scheme is very complicated: it involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. Another feature that makes detection harder is the mimicking of well-known software.