CYFIRMA Research: Understanding CyberEye RAT Builder - Capabilities and Implications
CYFIRMA’s latest research report analyses CyberEye, a stealthy piece of Windows-based malware that poses a significant threat across systems by giving attackers full remote control through the Telegram Bot API. Once executed, it silently harvests browser-stored passwords, cookies, credit card details, Wi-Fi credentials, and session tokens from apps like Telegram, Discord, and Steam. It monitors clipboard activity in real time, hijacking cryptocurrency wallet addresses to redirect funds.
The malware disables Windows Defender protections using PowerShell, evades analysis, and exfiltrates stolen data instantly via Telegram chats. It can log keystrokes, capture screenshots, record desktop activity, and steal entire folders like Minecraft profiles or desktop files. Designed to blend in with legitimate software, it can persist silently, avoid detection, and respond to attacker commands over encrypted channels.
A private Telegram channel run by the developer suggests the existence of a premium variant with extended capabilities. This malware highlights the growing sophistication of commodity threats and their increasing distribution across underground channels.
Link to the Research Report: https://www.cyfirma.com/research/understanding-cybereye-rat-builder-capabilities-and-implications/
https://www.cyfirma.com/