Cheap tool for mass hacking: the EvilExtractor infostealer is sold on the darknet for pennies!

Daniel

A powerful data stealer targeting Windows systems will clearly spur malicious activity in cyberspace.

New malware called EvilExtractor is positioned as an "all-in-one" theft tool. It is sold openly on the darknet and offers customers powerful tools for stealing data and files from Windows systems at a price of only $39. It is not specified whether this is a one-time purchase or a subscription, but malware is usually much more expensive. The low price tag lowers the barrier to entry for would-be intruders who want to steal other people's information.

"EvilExtractor includes several modules that work through an FTP service, as well as an environment-checking module and an anti-VM function. The main goal of the malware, apparently, is to steal browser data and information from compromised endpoints and then upload it to the attacker's FTP server," reports Cara Lin, a Fortinet researcher.

The company said that in March 2023 it observed a surge in attacks spreading this malware in the wild (ITW), with most of the victims in Europe and the USA.

Researchers have found that the malware is offered for sale on the Cracked cybercrime forum by a user named Kodex. The EvilExtractor tool has been on sale since October 22, 2022. The malware is regularly updated and is packaged with various modules for evading detection. It was reportedly used in an email phishing campaign that Fortinet specialists discovered on March 30 this year. The emails tricked victims into launching the executable file "Account_Info.exe", which was carefully disguised as a PDF document.

The executable was an obfuscated Python-based program designed to run a .NET loader, which uses a Base64-encoded PowerShell script to then launch EvilExtractor.

EvilExtractor's functionality includes collecting system metadata, passwords and cookies from various web browsers, and logging keystrokes. In addition to collecting files, the malware can activate the webcam and take screenshots. It can even act as ransomware by encrypting files on the target system.

Overall, this tool poses a serious danger because of its rather extensive functionality. Regular updates that make the malware stealthier, together with the low price, clearly play into the author's hands by helping to spread EvilExtractor among as many active cybercriminals as possible.
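
A defender-side triage sketch for the launch chain described above (a disguised executable that ends up starting PowerShell with a Base64-encoded script), added here as an example and not taken from Fortinet or the original post. The events, the paths around the `Account_Info.exe` name and the loader hint strings are constructed, and the use of the `-EncodedCommand` parameter is an assumption, since the page does not say how the script was passed.

```python
import base64
import binascii
import re

FLAG_ARG = re.compile(r"(?:^|\s)[-/](\w+)\s+([A-Za-z0-9+/=]{16,})")
USER_WRITABLE = re.compile(r"\\(downloads|appdata|temp)\\", re.I)
LOADER_HINTS = ("reflection.assembly", "frombase64string")  # generic hints, not EvilExtractor IoCs

def decode_encoded_command(cmdline):
    """Return the script passed via -EncodedCommand (or an abbreviation), else None."""
    for flag, blob in FLAG_ARG.findall(cmdline):
        name = flag.lower()
        if name == "ec" or "encodedcommand".startswith(name):
            try:  # PowerShell expects Base64 over UTF-16LE text
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return None  # malformed blob: nothing to decode
    return None

def triage(event):
    """Return the reasons a process-creation event deserves a look ([] if none)."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    script = decode_encoded_command(event["cmdline"])
    if script is None:
        return []
    reasons = ["encoded PowerShell command"]
    if USER_WRITABLE.search(event["parent"]):
        reasons.append("parent runs from a user-writable path")
    if any(hint in script.lower() for hint in LOADER_HINTS):
        reasons.append("decoded script loads code from memory")
    return reasons

def _enc(script):
    """Build a constructed -EncodedCommand argument for the sample data."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample events (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Users\a\Downloads\Account_Info.exe", "image": PS,
     "cmdline": "powershell.exe -NoP -W Hidden -enc "
                + _enc("[Reflection.Assembly]::Load([Convert]::FromBase64String($p))")},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"parent": r"C:\Program Files\Mgmt\agent.exe", "image": PS,
     "cmdline": "powershell.exe -EncodedCommand " + _enc("Get-Date")},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["parent"], "->", triage(ev))
```

The third sample shows why the encoded flag alone is only a weak signal: management agents also use it, so the parent path and the decoded content carry most of the weight.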
 