
Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that’s designed to capture sensitive data from infected hosts.

“The threat actor behind this [ransomware-as-a-service] promotes its offering on forums,” Uptycs said in a new report. “There it requests a share of profits from those engaging in malicious activities using its malware.”

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux. It’s also designed to terminate any potential processes that could interfere with encryption.

The macOS and Linux versions of Cyclops ransomware are written in Golang. The ransomware further employs a complex encryption scheme that’s a mix of asymmetric and symmetric encryption.

The Go-based stealer, for its part, is designed to target Windows and Linux systems, capturing details such as operating system information, computer name, number of processes, and files of interest matching specific extensions. The harvested data, which comprises .TXT, .DOC, .XLS, .PDF, .JPEG, .JPG, and .PNG files, is then uploaded to a remote server. The stealer component can be accessed by a customer from an admin panel.

The development comes as SonicWall detailed a new strain of information stealer called Dot Net Stealer to siphon information from web browsers, VPNs, installed apps, and cryptocurrency wallets, in what’s a further evolution of the cybercrime ecosystem into a more lethal threat.

“These capabilities provide attackers to obtain valuable information from the victim’s systems that can lead to big financial frauds which can make huge financial losses to victims,” SonicWall said.