Titan Stealer, a Golang-based information stealer, uses process hollowing to inject malicious payloads into the memory of the AppLaunch.exe process, according to a report from Uptycs. Both Uptycs and Cyble reported that Titan Stealer targets Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Yandex, Vivaldi, Iridium Browser, and 7 Star Browser, as well as the Ethereum, Edge Wallet, Exodus, Atomic, Armory, Bytecoin, Jaxx Liberty, Guarda, and Zcash cryptocurrency wallets.
The malware can also capture the list of installed applications and data from the Telegram desktop app, and it sends the exfiltrated data to a remote server.
“One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS,” said Cyble researchers.