Platinum APT: Researchers from Kaspersky have found a new backdoor, which they have called Titanium, being used by the Platinum threat group. The backdoor was named after the password used in one of its self-extracting archives. The malware hides every step of its operation by mimicking common software. Its targets are located in the Asia-Pacific region (APAC), primarily Southeast Asia. Titanium runs through a sequence of complex stages, from dropping to downloading to installing, and finishes by downloading a Trojan-backdoor. Titanium uses local intranet websites carrying malicious code to begin spreading. The malware also checks whether it was started as the SYSTEM user: if it was, it launches its command-line arguments through Windows Management Instrumentation (WMI); if it was not, the downloader passes the command-line arguments to an argument parser. Titanium has a very complicated infiltration scheme involving numerous well-coordinated steps. Because of the encryption and fileless techniques it uses, none of the files are detected as malicious.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in