Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
2023-04-05 08:35

The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version that packs in improved capabilities to evade detection and resist analysis.

Based on another stealer malware called Prynt Stealer, Typhon is also capable of delivering the XMRig cryptocurrency miner.

The latest V2 variant, per Cisco Talos, was marketed by its developer on January 31, 2023, on the Russian-language dark web forum XSS. "Typhon Reborn stealer is a heavily refactored and improved version of the older and unstable Typhon Stealer," the malware author said, in addition to touting its inexpensive price and the absence of any backdoors.

The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform.

The findings come as Cyble disclosed a new Python-based stealer malware named Creal that targets cryptocurrency users via phishing sites mimicking legitimate crypto mining services like Kryptex.

Like Typhon Reborn, Creal is equipped to siphon cookies and passwords from Chromium-based web browsers as well as data from instant messaging, gaming, and crypto wallet apps.


News URL

https://thehackernews.com/2023/04/typhon-reborn-stealer-malware.html