Typhon revived and became more powerful

vor 4 Monaten · 0 comments

In early August 2022, the Cyble Research Labs team discovered a new Typhon Stealer crypto miner. Recently, experts have revealed an updated version called Typhon Reborn. Both versions have the ability to steal crypto wallets, track keystrokes, and bypass antivirus products.

The new version of Typhon Reborn has improved anti-analysis methods and added new features for stealing data and files.

In his Telegram channel, the author of Typhon Reborn also stated that the current price of the malware is $100 for a lifetime license.

New Typhon Reborn features include:

The author also removed several existing functions - a keylogger, as well as the functions of intercepting the clipboard and cryptomining. Experts suggested that removing these features should reduce the chance of being detected by antivirus. According to the Typhon Reborn developer, the removed options will be moved to separate author projects in the future.

Typhon Reborn's anti-analysis feature, once launched, runs a method called MeltSelf that kills the threat process and removes itself from disk. It is noteworthy that after entering the system, Typhon Reborn performs several checks before starting the MeltSelf process. If the following conditions are met, the MeltSelf process starts automatically.

Typhon Reborn also collects additional data about the victim and sends them to the operator's Telegram channel:

Typhon Stealer provides attackers with an easy-to-use constructor. Typhon Reborn's custom configurations lower the required technical skill set for prospects. New Typhon Reborn anti-analysis methods are evolving in line with industry trends, becoming more effective in evasive tactics and expanding the toolbox for stealing victims' data.