Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

This newly-discovered malware targets Windows to steal sensitive data

Magnifying glass enlarging the word 'malware' in computer machine code

Fortinet has unveiled preliminary details of a ThirdEye, a new info-stealing malware awarded a medium severity level, meaning the risk posed to victims is potentially considerable.

The company’s FortiGuard Labs discovered the stealer when it came across suspicious-looking files in a cursory review. 

The good news is that the analysts believe it not to be sophisticated in nature, but even so, Fortinet suggests that the information stolen from victim machines could go on to be used for future attacks.

ThirdEye infostealer witnessed in the wild

Suspicions were raised when the team found a Russian file name in a file archive. The name, “Табель учета рабочего времени.zip,” translates to timesheet. Inside the zipped folder are two files that pose as documents, but are actually executables. 

The .exe files are designed to target Windows machines, which have long been the subject of attacks. However, recent months have seen many attackers shift their attention to Android devices, with multiple reports of malicious apps being hosted in the Play Store.

When successfully deployed, the malware steals information like BIOS and hardware data and sends it back to its C2 server.

While early versions of the malware, dating back to April, collected little more than client_hash, OS_type, host_name, and user_name, modifications a few weeks later added new parameters targeting CPU and RAM information, network interface data, and BIOS information. 

Fortinet believes that the malware serves the purpose of “understanding and narrowing down potential targets,” and that it might be looking to target Russian victims given the language used and the fact that it was found on a public scanning service from the country.

Currently, the analysts aren’t overly concerned with the malware’s sophistication, but evidence of developments suggest that future versions could be even more intrusive. 

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.