Ryuk has now emerged in a new guise. In brief, the new strain of Ryuk Stealer has advanced properties that enable it to target the government and military sectors.
Researchers from MalwareHunterTeam have discovered a new Ryuk Stealer variant with advanced additions. The new strain is capable of going after high-profile targets in the military, government, finance, and banking sectors.
While the earlier Ryuk Stealer malware specifically targeted Word and Excel files, the new version goes after more. According to Vitali Kremez, it now targets seven file types, including more Word and Excel files (other than docx and xlsx), pdf, jpg, C++ source code, and crypto-wallets.
When the stealer detects a file with a recognized extension, it scans the file for certain keywords.
Upon finding the desired document, it uploads the file to the attackers’ FTP site.
As is evident from the list of targeted words, which includes ‘SWIFT’, ‘IBAN’, ‘radar’, ‘tactical’, ‘EDGAR’, ‘newswire’, ‘federal’, ‘bureau’, and ‘investigation’, the new stealer clearly aims to pilfer sensitive information from government, military, and financial institutions.
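The behaviour described above (reading documents of the targeted types, then uploading over FTP) can be hunted for in endpoint telemetry. The following is an added example, not code from the researchers or from the original article: it correlates document reads with an outbound FTP connection by the same process. The event format, sample events, thresholds, and the `.doc`, `.xls` and `.cpp` extensions are assumptions.

```python
import ntpath
from collections import defaultdict

# docx, xlsx, pdf and jpg are named on the page; .doc, .xls and .cpp are assumed
# stand-ins for the other Word/Excel and C++ source types it does not spell out.
WATCHED_EXT = {".docx", ".xlsx", ".pdf", ".jpg", ".doc", ".xls", ".cpp"}
FTP_PORT = 21
MIN_FILES = 3       # assumed threshold: distinct watched files read before the upload
WINDOW_SECS = 300   # assumed correlation window between the reads and the connection

# Constructed telemetry: (epoch_secs, pid, image, event, detail)
SAMPLE_EVENTS = [
    (1000, 4120, "updater.exe", "file_read", r"C:\Users\a\Documents\payments.xlsx"),
    (1010, 4120, "updater.exe", "file_read", r"C:\Users\a\Documents\briefing.pdf"),
    (1020, 4120, "updater.exe", "file_read", r"C:\Users\a\Desktop\notes.docx"),
    (1030, 4120, "updater.exe", "net_connect", "203.0.113.7:21"),
    (1005, 812, "winword.exe", "file_read", r"C:\Users\a\Documents\memo.docx"),
    (1006, 812, "winword.exe", "net_connect", "198.51.100.9:443"),
    (100, 3300, "sync.exe", "file_read", r"D:\share\a.pdf"),
    (110, 3300, "sync.exe", "file_read", r"D:\share\b.pdf"),
    (120, 3300, "sync.exe", "file_read", r"D:\share\c.jpg"),
    (2000, 3300, "sync.exe", "net_connect", "192.0.2.44:21"),  # outside the window
]

def find_suspects(events):
    """Flag processes that read several watched documents, then connect out over FTP."""
    reads = defaultdict(list)   # pid -> [(timestamp, path)]
    alerts = []
    for ts, pid, image, kind, detail in sorted(events):
        if kind == "file_read":
            if ntpath.splitext(detail)[1].lower() in WATCHED_EXT:
                reads[pid].append((ts, detail))
        elif kind == "net_connect":
            host, _, port = detail.rpartition(":")
            if int(port) != FTP_PORT:
                continue
            recent = {path for t, path in reads[pid] if ts - t <= WINDOW_SECS}
            if len(recent) >= MIN_FILES:
                alerts.append({"pid": pid, "image": image, "dest": host,
                               "files": sorted(recent)})
    return alerts

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE_EVENTS):
        print(alert)
```

The keyword scan itself leaves no trace in this kind of telemetry, so the rule keys on the file types and the FTP connection; legitimate FTP-based backup tools would need an allowlist.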