Cyclops ransomware: new threats emerge with data theft capabilities
A sophisticated cybercrime strategy carries out cross-platform attacks, affecting Windows, macOS and Linux with theft of sensitive data
Threat actors associated with Cyclops ransomware have been observed offering malware designed to capture sensitive data from infected hosts. The ransomware is notable for its ability to target all major desktop operating systems, including Windows, macOS, and Linux. It is also designed to terminate any processes that could interfere with encryption.
Promotion on the dark web and technical details
The threat actor promotes its offer on various forums, Uptycs said in a new report. In these digital spaces, it demands a share of the profits from those who engage in malicious activity using its malware. The macOS and Linux versions of Cyclops ransomware are written in Golang. The ransomware also uses a complex encryption scheme that combines asymmetric and symmetric encryption.
Targets: Windows, Linux and data theft
The Go-based stealer is designed to target Windows and Linux systems, capturing details such as operating system information, computer name, number of processes and files of interest that match specific extensions. The collected data, which includes .TXT, .DOC, .XLS, .PDF, .JPEG, .JPG and .PNG files, is then uploaded to a remote server. The stealer component can be accessed by the client from an admin panel.
The evolution of threats: Dot Net Stealer
This development comes as SonicWall details a new malware variant called the Dot Net Stealer, designed to steal information from web browsers, VPNs, installed applications and cryptocurrency wallets. This represents a further evolution of the cybercrime ecosystem into an even more lethal threat. "These capabilities allow attackers to obtain valuable information from victims' systems that can lead to major financial fraud, causing huge financial losses for the victims," SonicWall said.
06/06/2023 08:06
Marco Verro