Threat actors linked to the Cyclops ransomware have been seen promoting malware that is intended to steal sensitive information from compromised PCs.
In a recent analysis, Uptycs noted that “the threat actor behind this [ransomware-as-a-service] promotes its offering on forums.” There, it demands a cut of the money made by anyone who uses its malware for nefarious purposes.
The Cyclops ransomware targets all of the main desktop operating systems: Windows, macOS, and Linux. It is also designed to terminate any processes that could interfere with encryption.
Golang is used in the Linux and macOS variants of the Cyclops ransomware. The ransomware also uses a sophisticated encryption method that combines symmetric and asymmetric encryption.
For its part, the Go-based stealer is made to target Windows and Linux systems, collecting information such as the operating system, computer name, the number of processes, and files of interest with particular extensions.
The gathered data is then uploaded to a remote server in the form of .TXT, .DOC, .XLS, .PDF, .JPEG, and .PNG files. A customer can access the stealer component through an admin panel.
In a further sign of the cybercrime ecosystem expanding into a more dangerous threat, SonicWall recently revealed a new strain of information stealer called Dot Net Stealer that can steal information from installed programmes, web browsers, VPNs, and cryptocurrency wallets.
According to SonicWall, “These capabilities give attackers the ability to obtain useful information from the victim’s systems that can lead to significant financial frauds and cause victims to suffer significant financial losses.”