Saturday, April 13, 2024

ThirdEye: a new information thief aimed at Windows systems

Apparently, the hackers' targets are Russian-speaking users.

New Windows malware capable of stealing confidential data from infected computers has been found by researchers at Fortinet FortiGuard Labs. They named it “ThirdEye” and noted that this software had not previously appeared in antivirus databases.

How this malicious code is distributed is not yet known, but it apparently relies on phishing campaigns. The researchers found it in an executable file disguised as a PDF document with the Russian-language name “CMK Rules for issuing sick leave.pdf.exe”. The first ThirdEye sample was uploaded to VirusTotal on April 4, 2023 and had relatively little functionality.

ThirdEye can collect system metadata such as the BIOS release date and manufacturer, total and free space on the C: drive, running processes, usernames and volume information. The collected data is then sent to the attackers' C2 server. The distinguishing feature of the malware is that it uses the string “3rd_eye” when communicating with the C2 server.

So far, there is no indication that ThirdEye has been actively used in cyberattacks. However, most of the malware samples were uploaded to VirusTotal from Russia, which may indicate that the hackers are targeting Russian-speaking organizations.

“Although this malicious code is not sophisticated, it is designed to steal various information from infected machines, which can be used as a starting point for future attacks,” Fortinet researchers said, adding that the data collected is “valuable for understanding and narrowing down potential targets.”

This is not the only recent example of malicious code targeting Windows users. It was previously found that fake installers of the popular video game Super Mario Bros, hosted on suspicious torrent sites, are being used to distribute cryptocurrency miners and the open-source data stealer Umbral, written in C#, which exfiltrates data of interest via Discord webhooks.

“The combination of mining and data theft results in financial losses, a significant reduction in the performance of the victim’s system, and the depletion of valuable system resources,” said Cyble.

Recently, video game users have also fallen victim to Python-based ransomware and a remote access trojan (RAT) called SeroXen, which uses the commercial batch-file obfuscation engine ScrubCrypt (aka BatCloak) to evade detection. There is evidence that the actors behind the development of SeroXen were also involved in creating ScrubCrypt.

It is extremely important to remain vigilant and not to open dubious files received from unknown senders or downloaded from suspicious sites, especially if they have a double extension. It is also recommended to use a reliable antivirus and keep it updated so that your information stays protected against new threats.
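Two of the details above are directly usable by defenders: the lure file name ending in “.pdf.exe” (a document extension followed by an executable one, which Explorer hides when "known extensions" are suppressed) and the “3rd_eye” string the malware uses when talking to its C2 server. The following Python script is an added example, not code from Fortinet or from the article: it flags double-extension file names and searches logged HTTP requests for the marker. The file names (other than the lure name quoted above), the proxy log lines and the `.invalid` host names are constructed for the example; the page does not say where in the traffic “3rd_eye” appears, so the script simply searches each whole logged line for it, case-insensitively.

```python
"""Triage helpers for the two indicators described in the article:
double-extension lure file names and the "3rd_eye" C2 marker.
Added example code; sample data below is constructed, not from the report."""
from pathlib import PurePath

# Final extensions that Windows will execute. A document-style extension
# immediately before one of these ("report.pdf.exe") is the disguise in the article.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# The C2 marker named in the article; matched case-insensitively.
THIRDEYE_MARKER = "3rd_eye"


def is_disguised_executable(filename: str) -> bool:
    """True when the name ends in an executable extension that is preceded
    by a document extension, e.g. "sick leave.pdf.exe" or "photo.JPG.Exe"."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTENSIONS and suffixes[-2] in DOCUMENT_EXTENSIONS


def find_c2_marker_hits(log_lines, marker: str = THIRDEYE_MARKER):
    """Return every logged line containing the marker (case-insensitive).
    Assumption: the marker is visible in plaintext in whatever the proxy logged."""
    needle = marker.lower()
    return [line for line in log_lines if needle in line.lower()]


def triage(filenames, log_lines):
    """Combine both checks into one summary dict a responder can act on."""
    return {
        "disguised_files": [f for f in filenames if is_disguised_executable(f)],
        "c2_marker_hits": find_c2_marker_hits(log_lines),
    }


# Constructed sample input. The first file name is the lure quoted in the article;
# everything else is made up for the example.
SAMPLE_FILENAMES = [
    "CMK Rules for issuing sick leave.pdf.exe",
    "quarterly_report.pdf",
    "setup.exe",
    "invoice.docx.scr",
    "photo.JPG.Exe",
    "archive.tar.gz",
]

# Constructed proxy log lines (hosts use the reserved .invalid TLD as placeholders).
SAMPLE_PROXY_LOG = [
    '2023-04-04T10:12:03Z 10.0.0.21 POST http://c2-placeholder.invalid/upload body="3rd_eye|WS-01|user1|BIOS 2019-05-01"',
    '2023-04-04T10:12:09Z 10.0.0.22 GET http://update-placeholder.invalid/check body=""',
    '2023-04-04T10:13:44Z 10.0.0.21 POST http://c2-placeholder.invalid/upload body="3RD_EYE|WS-01|user1|C: 120GB/40GB"',
]

if __name__ == "__main__":
    result = triage(SAMPLE_FILENAMES, SAMPLE_PROXY_LOG)
    for name in result["disguised_files"]:
        print(f"double-extension executable: {name}")
    for line in result["c2_marker_hits"]:
        print(f"C2 marker seen: {line}")
```

The file-name check deliberately ignores a single extension such as `setup.exe` and a benign pair such as `archive.tar.gz`; it only fires when a document extension sits directly in front of an executable one, which is the pattern the article warns about. The marker search is a string match over the whole line, so it will also work on mail-gateway or EDR logs as long as the request content is logged in the clear.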
