
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer safe, secure and affordable solutions for your business and personal networks and devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Newly Surfaced ThirdEye Infostealer Targeting Windows Devices

Cyber Security Threat Summary:
Researchers have recently detected a new info stealer, known as ThirdEye, which exists in several variants, all designed to steal data from victims' systems. FortiGuard Labs came across this malicious but relatively unsophisticated info stealer during a preliminary analysis of suspicious files. The researchers became suspicious after encountering an archive whose Russian filename translates to "time sheet" in English. Inside the archive they found two additional files, both with double extensions; the name of one of them translates from Russian as "QMS Rules for issuing sick leave". On further investigation, the researchers observed similarities with previously seen samples of the ThirdEye info stealer, which they had been tracking since early April 2023.

“The earliest sample of ThirdEye info stealer was discovered on 3 April 2023 at 12:36:37 GMT. This sample collected client_hash, OS_type, host_name and user_name and sent it to C2 server “(glovatickets(.)ru/ch3ckState)” with a custom web request header: Cookie: 3rd_eye=. It was submitted to a file scanning service on 4 April 2023. A few weeks later, researchers found a variant which had a compile timestamp of 26 April 09:56:55 GMT. This variant collected additional data, including the BIOS vendor and release date, RAM size, CPU core number, user’s desktop files list, list of registered users on the device, and network interface data. However, this version crashes in some virtual machines. One day later, they found a new variant with just one change: it used a PDF icon. This variant used “(ohmycars(.)ru/ch3ckState)” as C2 communications. Later, another variant was found which gathered additional data such as total and free disk space on the C drive, domain name, network ports list, list of programs and version numbers, systemUptime, CD-ROM, drive letters volume information, currently running processes list, and programs installed in the Program Files directory” (HackRead, 2023).

Security Officer Comments:
The malware is designed to extract various types of system data from infected devices, including BIOS and hardware information, and it can also enumerate folder contents, running processes and network data. On execution, the info stealer immediately collects this data and sends it to a command-and-control (C2) server; beyond that, ThirdEye exhibits no additional behaviour. The researchers also found that the string "3rd_eye", once decrypted and combined with another hash value, is used to identify the C2 server. Although ThirdEye is not highly sophisticated, it is evolving rapidly: the later variants described above collect considerably more hardware, network and installed-software detail and switched to a different C2 domain. ThirdEye primarily targets Windows systems and is assessed at a medium severity level. Currently there is no evidence that ThirdEye has been used in actual attacks.

Suggested Correction(s):
Researchers at Fortinet have published IOCs that can be used to detect the ThirdEye infostealer. Note that the C2 domain changed between variants (glovatickets(.)ru, then ohmycars(.)ru) while the "/ch3ckState" path and the "Cookie: 3rd_eye=" request header stayed the same, so network detection should key on the path and header as well as on the published hostnames:

https://www.fortinet.com/blog/threa...eye-infostealer-pries-open-system-information
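As an added example (not code from Fortinet, HackRead or WNYCyber), the following Python script turns the network indicators quoted in the threat summary into a small triage check: it scans web-proxy log lines for the two named C2 hosts, the "/ch3ckState" URI path and a Cookie header beginning with "3rd_eye=", and it flags the double-extension lure filenames described in the summary. The proxy log format and all sample log lines and filenames are constructed for the example; only the hosts, path and header value come from the page.

```python
"""Triage helper for the ThirdEye infostealer indicators described above.

Added example, not vendor code. Indicators taken from the summary on this page:
  - C2 hosts: glovatickets[.]ru, ohmycars[.]ru
  - C2 URI path: /ch3ckState
  - request header: Cookie: 3rd_eye=<value>
Log format, sample lines and filenames are constructed assumptions.
"""
import re
from dataclasses import dataclass

C2_HOSTS = {"glovatickets.ru", "ohmycars.ru"}
C2_PATH = "/ch3ckState"
# The header value was observed as "3rd_eye=<hash>"; match it whether it is the
# only cookie or one of several ("a=b; 3rd_eye=...").
COOKIE_RE = re.compile(r"(?:^|;\s*)3rd_eye=")
# Lure files used a document-looking extension followed by an executable one.
DOUBLE_EXT_RE = re.compile(
    r"\.(?:pdf|doc|docx|xls|xlsx|txt)\.(?:exe|scr|com|bat|cmd)$", re.IGNORECASE
)
# Constructed proxy log format: <ts> <src_ip> <method> <host> <path> "<Cookie header>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+) "(?P<cookie>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    src: str
    host: str
    reason: str


def classify_request(host: str, path: str, cookie: str) -> list[str]:
    """Return every ThirdEye indicator a single request matches (empty = clean).

    Path and header are checked independently of the host so that a new C2
    domain (the samples already rotated between two) is still caught.
    """
    reasons = []
    if host.lower() in C2_HOSTS:
        reasons.append("known ThirdEye C2 host")
    if path.split("?", 1)[0] == C2_PATH:
        reasons.append("C2 path /ch3ckState")
    if COOKIE_RE.search(cookie):
        reasons.append("Cookie header 3rd_eye=")
    return reasons


def scan_log(lines: list[str]) -> list[Hit]:
    """Scan proxy log lines and return one Hit per matched indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:  # malformed line: skip rather than crash the triage run
            continue
        for reason in classify_request(m["host"], m["path"], m["cookie"]):
            hits.append(Hit(n, m["src"], m["host"], reason))
    return hits


def is_double_extension(filename: str) -> bool:
    """True for lure names such as 'timesheet.pdf.exe' (constructed example)."""
    return bool(DOUBLE_EXT_RE.search(filename))


# Constructed sample log: one benign request, two beacons to the named C2 hosts,
# and one beacon to an unknown host that still carries the path and header.
SAMPLE_LOG = [
    '2023-04-27T10:02:11Z 10.0.0.5 GET www.example.com /index.html ""',
    '2023-04-27T10:02:15Z 10.0.0.5 POST glovatickets.ru /ch3ckState "3rd_eye=abcd1234"',
    '2023-04-27T10:03:01Z 10.0.0.7 POST ohmycars.ru /ch3ckState "3rd_eye=ef56"',
    '2023-04-27T10:04:40Z 10.0.0.9 POST cdn.example.net /ch3ckState "session=1; 3rd_eye=9999"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.src} -> {hit.host}: {hit.reason}")
    for name in ("timesheet.pdf.exe", "report.pdf"):
        print(name, "double extension" if is_double_extension(name) else "ok")
```

The fourth sample line is the point of the example: it would be missed by a hostname-only block list, but the unchanged path and header still flag it, which is why the Suggested Correction above recommends matching on those too.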

Link(s):
https://www.hackread.com/thirdeye-infostealer-windows-devices/
https://www.fortinet.com/