Typhon Reborn Stealer Malware Returns with Sophisticated Evasion Tactics, Security Experts Warn
The developer of Typhon Reborn Stealer, an information stealer with a track record of successfully stealing confidential data, has released an updated version (V2) of the software.
This new version has recently resurfaced, and the creator has implemented improved strategies to evade detection and analysis. The enhanced tactics used by the perpetrator have caused concern among security experts, who fear that the updated malware’s sophisticated capabilities may result in more significant harm than its previous iteration.
The new version (V2) of the Typhon Reborn malware has been reported to include substantial enhancements aimed at hindering analysis through the implementation of anti-virtualization mechanisms.
The inclusion of these advanced features demonstrates the malware developer’s efforts to make the software more resilient against analysis and highlights the importance of continued vigilance and investment in cutting-edge security measures.
The updated version of Typhon Reborn is being sold on the dark web for a subscription fee of $59 per month, $360 per year, or $540 for a lifetime subscription.
Cisco Talos has reported that the codebase of Typhon V2, the recently resurfaced information-stealing malware, has undergone significant modifications to enhance its resilience and stability. The latest version features improved string obfuscation through the use of Base64 encoding and XOR, making analysis more challenging.
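To show what the Base64-plus-XOR layer means for an analyst, the following is an added example (not code from the article, Cisco Talos or the malware) that recovers obfuscated strings from a constructed sample. It assumes a scheme of "XOR with a short repeating key, then Base64-encode"; the real key, key length and order of operations in Typhon V2 are not described in the article, so a known-plaintext (crib) step is included for the common case where the analyst can guess how a string begins.

```python
import base64
from typing import Optional

# Constructed sample material for this example only; the key is an assumption,
# not a value taken from the malware.
KEY = b"k9"
CONSTRUCTED_STRINGS = ["config.json", "https://example.invalid/upload"]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(plaintext: str, key: bytes = KEY) -> str:
    """Build a blob in the assumed scheme: XOR, then Base64. Used here only to
    construct sample input for the decoder below."""
    return base64.b64encode(xor_bytes(plaintext.encode(), key)).decode()


def deobfuscate(blob: str, key: bytes) -> str:
    """Reverse the assumed scheme: Base64-decode, then XOR with the key."""
    return xor_bytes(base64.b64decode(blob), key).decode(errors="replace")


def recover_repeating_key(blob: str, crib: str, key_len: int) -> Optional[bytes]:
    """Known-plaintext key recovery.

    If the analyst knows (or guesses) that the decoded string starts with `crib`,
    XORing the first len(crib) cipher bytes with the crib yields the key stream.
    The stream must repeat with period `key_len` for the guess to be consistent;
    otherwise None is returned.
    """
    raw = base64.b64decode(blob)
    crib_bytes = crib.encode()
    if len(crib_bytes) < key_len or len(raw) < len(crib_bytes):
        return None
    stream = xor_bytes(raw[: len(crib_bytes)], crib_bytes)
    key = stream[:key_len]
    if any(stream[i] != key[i % key_len] for i in range(len(stream))):
        return None
    return key


def decode_all(blobs, key: bytes):
    """Decode a list of blobs with a recovered key."""
    return [deobfuscate(b, key) for b in blobs]


if __name__ == "__main__":
    blobs = [obfuscate(s) for s in CONSTRUCTED_STRINGS]
    # An analyst who expects a URL to begin with "https://" can recover the key
    # from that blob alone, then decode everything else with it.
    recovered = recover_repeating_key(blobs[1], "https://", key_len=2)
    print("recovered key:", recovered)
    for s in decode_all(blobs, recovered):
        print(s)
```

The crib approach generalises to any repeating-key XOR layer: each correctly guessed plaintext byte yields one key-stream byte, and a consistent period confirms the guess. If no crib is available, the same `xor_bytes` helper can be driven by a brute force over short keys scored on printable output.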
Moreover, the malware has been updated with advanced anti-infection mechanisms that evaluate a wider range of factors such as usernames, CPUIDs, applications, processes, debugger/emulation checks, and geolocation data before executing the malicious routines.
Additionally, the malware can exclude specific regions or follow a customized geolocation list based on user preferences.
Typhon Reborn’s latest version boasts a new feature that allows it to differentiate between a victim’s environment and a simulated environment on a researcher’s computer.
Typhon Reborn’s updated version continues to target various applications and extensions, including messaging apps, email clients, cryptocurrency wallets, VPN clients and gaming apps, and it also captures screenshots.
The malware now has a file grabber component that enables the attackers to search for and exfiltrate specific files. The stolen data is transmitted via HTTPS, using the Telegram API, which was also the method of choice in the original version.
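Because the exfiltration channel is ordinary HTTPS to the Telegram API, network-level blocking is rarely practical, but the traffic still has a recognisable shape. The following is an added detection example (not code from the article or Cisco Talos) that runs over constructed proxy/EDR records and flags Telegram Bot API calls, escalating file-upload methods, from processes that are not on an environment-specific allowlist. The log format, host names, process names and bot tokens are all invented for this example; the `/bot<token>/<method>` path structure is the Telegram Bot API's documented form.

```python
import json
import re
from typing import Dict, List, Set

# Constructed telemetry, one JSON record per line. Nothing here is real data.
SAMPLE_LOGS = """\
{"host":"WS01","process":"ops-notifier.exe","sni":"api.telegram.org","method":"POST","path":"/bot000001:CONSTRUCTED_TOKEN_A/sendMessage"}
{"host":"WS02","process":"update_helper.exe","sni":"api.telegram.org","method":"POST","path":"/bot000002:CONSTRUCTED_TOKEN_B/sendDocument"}
{"host":"WS02","process":"chrome.exe","sni":"www.example.com","method":"GET","path":"/"}
{"host":"WS03","process":"notes.exe","sni":"api.telegram.org","method":"POST","path":"/bot000003:CONSTRUCTED_TOKEN_C/sendMessage"}
"""

# Processes this hypothetical environment permits to use the Bot API
# (for instance an internal alerting tool). Tune per environment.
ALLOWED_BOT_API_PROCESSES: Set[str] = {"ops-notifier.exe"}

# Bot API requests take the form /bot<id>:<token>/<method>.
BOT_API_PATH = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]+)/(\w+)")

# Methods that carry a payload off the host; a file grabber would use sendDocument.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def redact_token(path: str) -> str:
    """Strip the bot token before it lands in an alert; the token is a live
    credential for the attacker's channel and should be handled as evidence."""
    return BOT_API_PATH.sub(r"/bot<redacted>/\2", path)


def analyze(records: str, allowed: Set[str] = ALLOWED_BOT_API_PROCESSES) -> List[Dict]:
    """Return one finding per Bot API call made by a non-allowlisted process."""
    findings = []
    for line in records.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if not rec.get("sni", "").lower().endswith("api.telegram.org"):
            continue
        match = BOT_API_PATH.match(rec.get("path", ""))
        if not match:
            continue  # Telegram traffic, but not the Bot API (e.g. a desktop client)
        if rec.get("process", "").lower() in allowed:
            continue
        api_method = match.group(2)
        findings.append({
            "host": rec["host"],
            "process": rec["process"],
            "api_method": api_method,
            "severity": "high" if api_method in UPLOAD_METHODS else "medium",
            "path": redact_token(rec["path"]),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f['severity']}] {f['host']} {f['process']} -> {f['api_method']} ({f['path']})")
```

The allowlist is the part that needs local tuning: legitimate Bot API use from workstations is uncommon but not unheard of, so the rule is best run as a hunt first and promoted to an alert once the baseline is known. TLS inspection is not required; the SNI plus a URL path from a proxy or EDR sensor that sees the request is enough.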