A new information stealer called ThirdEye has been observed in the wild and may target Windows users.
FortiGuard Labs, the threat research arm of cybersecurity firm Fortinet, described the new threat in a technical document released Tuesday.
In it, the company said ThirdEye was designed to extract valuable system information from compromised machines, which could be exploited in future cyberattacks.
FortiGuard further notes that while ThirdEye is not considered technically sophisticated, its capabilities include gathering BIOS and hardware data, enumerating files and folders, identifying running processes, and gathering network information.
“Although this malware is not considered sophisticated, it is designed to steal various information from compromised machines and may be used as a stepping stone for future attacks,” the advisory said.
After the malware gathers information on the compromised system, it sends it to a command and control (C2) server. Specifically, the infostealer uses the unique string “3rd_eye” to identify itself to the C2.
Analysis of the samples revealed that the earliest variant discovered, in April 2023, collected limited information compared to more recent samples. Over time, the infostealer has evolved and added further data collection capabilities.
Additionally, most ThirdEye variants have been submitted to Russian public scanning services, and the latest variants have filenames in Russian, suggesting a focus on Russian-speaking organizations.
Fortinet stressed that while there is no concrete evidence that ThirdEye was used in attacks, system defenders should still be vigilant against this malware tool.
“While ThirdEye is not yet considered sophisticated, our research suggests that the attackers are working hard to improve this information-stealing tool, with recent samples gathering more system information compared to older variants,” Fortinet wrote. “We hope that effort will continue.”
The new infostealer comes amid a rise in this type of malware, and recent data from Secureworks suggests a significant spike in stolen logs on Russian online marketplaces.