Tuesday, 06 June 2023 15:08

More Ransomware as a Service Fun as Cyclops Gang Now Offers Value Add Information Stealer

Written by

Reading time is around minutes.

Anyone that does not think that cybercrime is now a bug business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing, special tools, access to customization tools and now we hear that the Cyclops group is even offering an information stealer as something of a value add if you use their services.

Security company Uptycs has said that the group appears to be announcing this new offering on different forums where the cyber criminals hang out. For a small share of the profits, you too can use their malware in your campaign. Like many other “as-a-service” groups on the daker side of the web they enable smaller less sophisticated groups to get in on the action for less cost than it would be to set up your own infrastructure and either develop or reverse engineer your own malware.

Cyclops has shown that it is a sophisticated group with a GoLang based ransomware for MacOS and Linux. The information stealer also is written in Go and seems to target information about the target system along with specific files (txt, doc, xls, pdf, etc.) Once after searching through a system, it then uploads them to a control server that the Cyclops affiliate can monitor.

This move by Cyclops is not new, it is following the pattern of other groups that are moving more and more into the professional service offering market. They have the money and resources to develop sophisticated malware, and other people want those tools. Sadly, this is a great example of how a free market works. Someone has a service that others want, so they build it and offer more tools, discounts etc. to keep their business and grow revenue. Oh what a time to be alive.

Read 745 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.