New Ryuk Info Stealer Targets Government and Military Secrets


A new version of the Ryuk Stealer malware has been enhanced to steal a larger number of confidential files related to the military, government, financial statements, banking, and other sensitive data.


In September 2019, we reported on a new malware that included references to the Ryuk Ransomware and was used to steal files if the file's name matched certain keywords.


It is not known whether this tool was created by the Ryuk Ransomware actors to exfiltrate data before encrypting a victim's computer or whether another actor simply borrowed from the ransomware's code.


"It is likely the same actor with the access to the earlier Ryuk version who repurposed the code portion for this stealer," Head of SentinelLabs Vitali Kremez told BleepingComputer.


What we do know is that the malware is targeting very specific keywords that could be disastrous for governments, military operations, and law enforcement cases if the stolen files are exposed.


New features added to the Ryuk Stealer


A new variant of the Ryuk Stealer malware was discovered today by MalwareHunterTeam that adds a new file content scanning feature and additional keywords that it targets for theft.


In the previous version, the Ryuk Stealer would scan a computer's files for Word (docx) and Excel (xlsx) documents.


According to Kremez, this new version of the stealer will look for an additional seven file types related to C++ source code, further Word and Excel document types, PDFs, JPG image files, and cryptocurrency wallets.