- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
ThirdEye Infostealer Poses New Threat to Windows Users
A new infostealer called ThirdEye has been observed in the wild, potentially targeting Windows users.
FortiGuard Labs, the threat research division of cybersecurity firm Fortinet, described the new threat in a technical write-up published on Tuesday.
In it, the firm said ThirdEye is designed to extract valuable system information from compromised machines, which can be used in future cyber-attacks.
FortiGuard further explained that while ThirdEye is not considered technically elaborate, its capabilities include harvesting BIOS and hardware data, enumerating files and folders, identifying running processes and collecting network information.
“While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks,” reads the advisory.
Read more on infostealers: RedEyes Group Targets Individuals with Wiretapping Malware
After collecting the compromised system’s information, the malware sends it to a command-and-control (C2) server. Notably, the infostealer uses a unique string, “3rd_eye,” to identify itself to the C2.
Analysis of the samples revealed that the earliest variant, discovered in April 2023, collected limited information compared to the more recent samples. Over time, the infostealer has evolved, adding additional data-gathering capabilities.
Further, most ThirdEye variants were submitted to a public scanning service from Russia, and the latest variant has a file name in Russian, suggesting a potential focus on Russian-speaking organizations.
Fortinet emphasized that while there is no concrete evidence of ThirdEye being used in attacks, system defenders should still be wary of this malware tool.
“While ThirdEye is not yet considered sophisticated, our investigation found the attacker has put effort into improving the infostealer, such as recent samples collecting more system information compared to older variants,” Fortinet wrote. “We expect that effort to continue.”
The new infostealer comes amid a rise in this type of malware, with recent data by Secureworks suggesting a significant surge in stolen logs on the online marketplace Russian Market.
