A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.
“The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files,” Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a recent report.
Details of the malware were first documented by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan.
Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim’s machine.
The malware, upon execution, employs a technique known as process hollowing to inject the malicious payload into the memory of a legitimate process known as AppLaunch.exe, which is the Microsoft .NET ClickOnce Launch Utility.
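From the defender's side, the process hollowing step described above can be surfaced from endpoint telemetry. The following is an added example, not code from the Uptycs report or this article: it correlates Sysmon process-creation (Event ID 1) and process-tampering (Event ID 25) records to flag an AppLaunch.exe instance whose image was replaced in memory. It assumes Sysmon is deployed with ProcessTampering logging enabled; the event records, GUIDs and the dropper path are constructed sample data.

```python
import ntpath

APPLAUNCH = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
DROPPER = r"C:\Users\user\AppData\Local\Temp\sample.exe"  # constructed path

# Constructed events using Sysmon field names, in chronological order.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": DROPPER,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{A2}", "Image": APPLAUNCH,
     "ParentImage": DROPPER},
    {"EventID": 25, "ProcessGuid": "{A2}", "Image": APPLAUNCH,
     "Type": "Image is replaced"},
    # AppLaunch.exe started but never tampered with: must not alert.
    {"EventID": 1, "ProcessGuid": "{B1}", "Image": APPLAUNCH,
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Tampering reported for a different image: outside this rule's scope.
    {"EventID": 25, "ProcessGuid": "{C1}",
     "Image": r"C:\Program Files\Example\other.exe",
     "Type": "Image is replaced"},
    # Tampering seen without a matching process-create record (log gap).
    {"EventID": 25, "ProcessGuid": "{D1}", "Image": APPLAUNCH.upper(),
     "Type": "Image is replaced"},
]


def find_hollowed(events, target="applaunch.exe"):
    """Return one alert per 'Image is replaced' event on the target binary,
    enriched with the parent image from the matching process-create event."""
    parents = {}  # ProcessGuid -> ParentImage for target processes seen so far
    alerts = []
    for ev in events:
        # ntpath handles Windows paths even when the script runs on Linux.
        if ntpath.basename(ev.get("Image", "")).lower() != target:
            continue
        guid = ev.get("ProcessGuid")
        if ev.get("EventID") == 1:
            parents[guid] = ev.get("ParentImage")
        elif ev.get("EventID") == 25 and ev.get("Type") == "Image is replaced":
            alerts.append({"ProcessGuid": guid, "Image": ev["Image"],
                           "ParentImage": parents.get(guid)})  # None if unseen
    return alerts


if __name__ == "__main__":
    for alert in find_hollowed(EVENTS):
        print(alert)
```

The parent image in each alert points at the binary that launched the hollowed process, which is the file to collect for triage; an alert with no parent means the process-create record was missed and the host's logging coverage should be checked.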