The platform operates as a driver, loading an encrypted malware module into target systems and using evasive maneuvers to ensure that the malware can infiltrate the networks of its targets without detection. Tilded platform was developed in late 2007 and underwent a substantial transformation in 2010 to prevent detection by new antivirus products. The malware was called Tilded because the platform's developers started file names with Tilde symbol followed by the letter “d."
According to security experts, it is likely that a number of targeted attacks launched in recent years can be traced back to the Tilded platform. The most noteworthy of these attacks are the Stuxnet and Duqu Trojans, although it is believed there may be other Trojans or spyware using Tilded that have not yet been identified.
A January 2012 report by antivirus vendor Kaspersky Lab indicated that the use of Tilded in both Stuxnet and Duqu means that both Trojans were probably developed simultaneously by the same team of developers and that they also used some of the same source code.