Threat actors associated with the Cyclops ransomware have been observed offering information-stealing malware designed to capture sensitive data from infected hosts.
“The threat actor behind this (ransomware-as-a-service) is promoting its offering on forums,” Uptycs said in a new report. “There he demands a share of the profits from those who engage in malicious activity using his malware.”
Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux. It is also designed to stop any process that could interfere with encryption.
The macOS and Linux versions of the Cyclops ransomware are written in Golang. The ransomware uses a complex encryption scheme that is a mixture of asymmetric and symmetric encryption.
The Go-based stealer, for its part, is designed to target Windows and Linux systems, capturing details such as operating system information, computer name, number of processes, and files matching certain extensions.
The harvested data, which consists of .TXT, .DOC, .XLS, .PDF, .JPEG, .JPG, and .PNG files, is then uploaded to a remote server. Stealer components can be accessed by the customer from the admin panel.
The development comes as SonicWall details a new line of information stealers called The Dot Net Thief, which siphons information from web browsers, VPNs, installed apps, and cryptocurrency wallets, marking a further evolution of the cybercrime ecosystem into a more lethal threat.
“This capability allows attackers to extract valuable information from victim systems that can lead to major financial frauds that can result in large financial losses for victims,” said SonicWall.