Newly Detected Infostealer Could Pose Threat to Windows

27 Jun, 2023 | Industry News

A new infostealer named ThirdEye has recently been detected, and it could pose a risk to Windows users.

FortiGuard Labs, the threat research division of cybersecurity firm Fortinet, described the new threat in a technical write-up published on Tuesday.

In it, the firm said ThirdEye is designed to extract valuable system information from compromised machines, which can be used in future cyber-attacks.

FortiGuard further explained that while ThirdEye is not considered technically elaborate, its capabilities include harvesting BIOS and hardware data, enumerating files and folders, identifying running processes and collecting network information.

“While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks,” reads the advisory.

After collecting the compromised system’s information, the malware sends it to a command-and-control (C2) server. Notably, the infostealer uses a unique string, “3rd_eye,” to identify itself to the C2.
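As an added detection example (not code from the Fortinet write-up or from this article), the function below scans constructed outbound web-proxy log lines for the "3rd_eye" identifier and groups hits by internal client. The log format, the IP addresses and the assumption that the marker appears in the request URL or body are all hypothetical; the article only says the string is used to identify the malware to its C2.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (hypothetical format:
# "<timestamp> <client_ip> <method> <url> <status> <request_body_excerpt>").
# Line 5 deliberately contains a look-alike name that must NOT match.
SAMPLE_LOG = """\
2023-06-27T10:01:02Z 10.0.0.15 GET http://intranet.example/index.html 200 -
2023-06-27T10:01:09Z 10.0.0.23 POST http://203.0.113.5/upload 200 id=3rd_eye&bios=...
2023-06-27T10:01:11Z 10.0.0.23 POST http://203.0.113.5/upload 200 id=3rd_eye&procs=...
2023-06-27T10:02:40Z 10.0.0.42 GET http://203.0.113.5/3rd_eye?host=... 200 -
2023-06-27T10:03:00Z 10.0.0.15 GET http://intranet.example/third_eye_report.pdf 200 -
"""

# The self-identification string reported for ThirdEye; matched case-insensitively
# because the exact casing on the wire is not stated in the article (assumption).
MARKER = re.compile(r"3rd_eye", re.IGNORECASE)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<body>.*)$"
)


def find_thirdeye_beacons(log_text):
    """Return {client_ip: [(timestamp, destination_host), ...]} for every request
    whose URL or body carries the ThirdEye C2 identifier."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than fail the whole scan
        if MARKER.search(m["url"]) or MARKER.search(m["body"]):
            hits[m["src"]].append((m["ts"], urlsplit(m["url"]).netloc))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_thirdeye_beacons(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} request(s) to {sorted({d for _, d in events})}")
```

A fixed string like this is a brittle indicator that the author can change in the next variant, so treat a hit as a trigger for host triage (process list, persistence, outbound connections) rather than a standalone verdict.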

Analysis of the samples revealed that the earliest variant, discovered in April 2023, collected limited information compared to the more recent samples. Over time, the infostealer has evolved, adding additional data-gathering capabilities.

Further, most ThirdEye variants were submitted to a public scanning service from Russia, and the latest variant has a file name in Russian, suggesting a potential focus on Russian-speaking organizations.

Fortinet emphasized that while there is no concrete evidence of ThirdEye being used in attacks, system defenders should still be wary of this malware tool.

“While ThirdEye is not yet considered sophisticated, our investigation found the attacker has put effort into improving the infostealer, such as recent samples collecting more system information compared to older variants,” Fortinet wrote. “We expect that effort to continue.”

The new infostealer comes amid a rise in this type of malware, with recent data by Secureworks suggesting a significant surge in stolen logs on the online marketplace Russian Market.
