ThirdEye Infostealer Poses New Threat to Windows Users
A new infostealer called ThirdEye has been observed in the wild, potentially targeting Windows users.
FortiGuard Labs, the threat research division of cybersecurity firm Fortinet, described the new threat in a technical write-up published on Tuesday.
In it, the firm said ThirdEye is designed to extract valuable system information from compromised machines, which can be used in future cyber-attacks.
FortiGuard further explained that while ThirdEye is not considered technically elaborate, its capabilities include harvesting BIOS and hardware data, enumerating files and folders, identifying running processes and collecting network information.
“While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks,” reads the advisory.
After collecting the compromised system’s information, the malware sends it to a command-and-control (C2) server. Notably, the infostealer uses a unique string, “3rd_eye,” to identify itself to the C2.
Analysis of the samples revealed that the earliest variant, discovered in April 2023, collected limited information compared to the more recent samples. Over time, the infostealer has evolved, gaining further data-gathering capabilities.
Further, most ThirdEye variants were submitted to a public scanning service from Russia, and the latest variant has a file name in Russian, suggesting a potential focus on Russian-speaking organizations.
Fortinet emphasized that while there is no concrete evidence of ThirdEye being used in attacks, system defenders should still be wary of this malware tool.
“While ThirdEye is not yet considered sophisticated, our investigation found the attacker has put effort into improving the infostealer, such as recent samples collecting more system information compared to older variants,” Fortinet wrote. “We expect that effort to continue.”
The new infostealer comes amid a rise in this type of malware, with recent data from Secureworks suggesting a significant surge in stolen logs on the online marketplace Russian Market.