Newly Detected Infostealer Could Pose Threat to Windows

27 Jun, 2023 | Industry News

A new infostealer named ThirdEye has recently been detected, and it poses a potential risk to Windows users.

FortiGuard Labs, the threat research division of cybersecurity firm Fortinet, described the new threat in a technical write-up published on Tuesday.

In it, the firm said ThirdEye is designed to extract valuable system information from compromised machines, which can be used in future cyber-attacks.

FortiGuard further explained that while ThirdEye is not considered technically elaborate, its capabilities include harvesting BIOS and hardware data, enumerating files and folders, identifying running processes and collecting network information.

“While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks,” reads the advisory.

After collecting the compromised system’s information, the malware sends it to a command-and-control (C2) server. Notably, the infostealer uses a unique string, “3rd_eye,” to identify itself to the C2.
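The "3rd_eye" identifier is the one concrete, defender-usable artefact the write-up gives, so the following added example (not code from the article or from FortiGuard) shows how a SOC might sweep existing web-proxy logs for it. It assumes a simple space-separated proxy log format and that the marker is visible in the requested URL; the page does not say where in the C2 exchange the string actually appears, so the log lines below are constructed and the placement is an assumption, not an observed indicator.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Identifier the FortiGuard write-up reports ThirdEye using towards its C2.
MARKER = "3rd_eye"

# Constructed sample web-proxy log lines (not real traffic).
# Assumed format: "<timestamp> <client_ip> <method> <url> <status> <bytes>".
SAMPLE_LOG = """\
2023-06-27T10:00:01Z 10.0.0.12 GET http://updates.example.com/check?id=3rd_eye 200 512
2023-06-27T10:00:05Z 10.0.0.15 GET http://www.example.org/index.html 200 2048
2023-06-27T10:01:13Z 10.0.0.12 POST http://203.0.113.7/gate.php 200 96
2023-06-27T10:02:44Z 10.0.0.21 GET http://cdn.example.net/3RD_EYE/data 200 7
2023-06-27T10:03:00Z 10.0.0.15 GET http://www.example.org/third_eye_blog.html 200 1500
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one proxy log line into named fields; None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_marker_hits(log_text: str, marker: str = MARKER,
                     ignore_case: bool = True) -> List[Dict[str, str]]:
    """Return parsed records whose URL contains the marker string.

    Case-insensitive matching is a deliberate choice here so that trivial
    casing changes by a later variant do not evade the sweep; set
    ignore_case=False to require the exact "3rd_eye" string reported.
    """
    needle = marker.lower() if ignore_case else marker
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the sweep
        haystack = rec["url"].lower() if ignore_case else rec["url"]
        if needle in haystack:
            hits.append(rec)
    return hits


def clients_to_triage(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group hits by client IP so each endpoint is reviewed once."""
    by_client: Dict[str, List[str]] = defaultdict(list)
    for rec in hits:
        by_client[rec["client"]].append(rec["url"])
    return dict(by_client)


if __name__ == "__main__":
    for client, urls in clients_to_triage(find_marker_hits(SAMPLE_LOG)).items():
        print(f"{client}: {len(urls)} request(s) carrying the marker")
        for url in urls:
            print(f"    {url}")
```

A hit on this string alone is a lead for triage, not a confirmed infection; "third_eye" in the last sample line is deliberately not matched, and a real sweep would pair any hit with the host-level artefacts (BIOS and hardware queries, process and file enumeration) the write-up describes.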

Analysis of the samples revealed that the earliest variant, discovered in April 2023, collected limited information compared to the more recent samples. Over time, the infostealer has evolved, adding additional data-gathering capabilities.

Further, most ThirdEye variants were submitted to a public scanning service from Russia, and the latest variant has a file name in Russian, suggesting a potential focus on Russian-speaking organizations.

Fortinet emphasized that while there is no concrete evidence of ThirdEye being used in attacks, system defenders should still be wary of this malware tool.

“While ThirdEye is not yet considered sophisticated, our investigation found the attacker has put effort into improving the infostealer, such as recent samples collecting more system information compared to older variants,” Fortinet wrote. “We expect that effort to continue.”

The new infostealer comes amid a rise in this type of malware, with recent data by Secureworks suggesting a significant surge in stolen logs on the online marketplace Russian Market.

If you would like to know how SOC Automation’s AI-powered automated threat detection platform can help protect your organisation against even the most devastating of attacks, get in touch today.
