{"id":161614,"date":"2023-04-06T04:23:01","date_gmt":"2023-04-06T09:23:01","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/04\/typhon-reborn-stealer-malware-resurfaces-with-advanced-evasion-techniques"},"modified":"2023-04-06T04:23:01","modified_gmt":"2023-04-06T09:23:01","slug":"typhon-reborn-stealer-malware-resurfaces-with-advanced-evasion-techniques","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/04\/typhon-reborn-stealer-malware-resurfaces-with-advanced-evasion-techniques","title":{"rendered":"Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/typhon-reborn-stealer-malware-resurfaces-with-advanced-evasion-techniques.jpg\"><\/a><\/p>\n<p>Besides incorporating more anti-analysis and anti-virtualization checks, Typhon Reborn V2 removes its persistence features, instead opting to terminate itself after exfiltrating the data.<\/p>\n<p>The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform.<\/p>\n<p>\u201cOnce the data has been successfully transmitted to the attacker, the archive is then deleted from the infected system,\u201d Brumaghin said. \u201cThe malware then calls a self-delete function to terminate execution.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Besides incorporating more anti-analysis and anti-virtualization checks, Typhon Reborn V2 removes its persistence features, instead opting to terminate itself after exfiltrating the data. The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform. 
\u201cOnce the data has been successfully transmitted to [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-161614","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=161614"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161614\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=161614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=161614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=161614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}