“New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web”


April 24, 2023
Nextdoorsec-course

A new malware family named EvilExtractor has surfaced on underground markets. Threat actors using this all-in-one stealer can take files and other information from Windows PCs. The malware is built from several modules, uploads what it collects to an FTP server, and carries anti-VM and environment checks so that it does not run inside an analysis sandbox. Its primary purpose is to exfiltrate files and browser data from compromised endpoints to the attacker's FTP server.
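The paragraph above describes the stealer's exfiltration channel: collected files go out over FTP to a server the attacker controls. The following detection is an added example written for this page; it is not code from the article, from Fortinet, or from the malware. It parses a few constructed, simplified Zeek-style connection log lines and flags sessions from an internal host to an external address that either use the FTP control port or are strongly upload-heavy (the client sent far more than it received). The internal ranges, the sanctioned FTP server `198.51.100.200`, the thresholds and every log line are assumptions for illustration.

```python
"""Flag outbound FTP-style exfiltration in connection logs (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed internal address space (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed: the one external FTP server the organisation legitimately uses.
ALLOWED_FTP_SERVERS = {ipaddress.ip_address("198.51.100.200")}
FTP_PORTS = {21}
MIN_UPLOAD_BYTES = 1_000_000   # assumed threshold: 1 MB sent by the client
UPLOAD_RATIO = 10              # assumed: client sent more than 10x what it received

REASON_FTP = "ftp control connection to external host"
REASON_UPLOAD = "upload-heavy session to external host"

# Constructed sample in a simplified Zeek-style conn log layout:
# ts uid src sport dst dport proto orig_bytes resp_bytes
SAMPLE_CONN_LOG = """\
# comment lines and blank lines are ignored
1682300000.100 C1 10.0.8.14 51234 198.51.100.200 21 tcp 4200 910
1682300012.447 C2 10.0.8.14 51240 203.0.113.45 21 tcp 7340112 1800
1682300030.002 C3 10.0.8.22 51302 198.51.100.7 443 tcp 38000 920000
1682300041.900 C4 10.0.8.31 51310 203.0.113.45 21 tcp 512 300
1682300055.120 C5 10.0.8.14 51355 203.0.113.45 2121 tcp 4100000 700
"""


@dataclass
class Conn:
    ts: float
    uid: str
    src: IPAddress
    sport: int
    dst: IPAddress
    dport: int
    proto: str
    orig_bytes: int   # bytes sent by the originator (the client)
    resp_bytes: int   # bytes sent back by the responder (the server)


def parse_conn_log(text: str) -> List[Conn]:
    """Parse the whitespace-separated layout above; skip comments and malformed rows."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) != 9:
            continue  # malformed row: skip it rather than abort the whole scan
        conns.append(Conn(float(f[0]), f[1], ipaddress.ip_address(f[2]), int(f[3]),
                          ipaddress.ip_address(f[4]), int(f[5]), f[6],
                          int(f[7]), int(f[8])))
    return conns


def is_internal(addr: IPAddress) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def flag_exfil(conns: List[Conn]) -> Dict[str, List[str]]:
    """Return {uid: [reasons]} for internal-to-external sessions that look like exfiltration."""
    findings: Dict[str, List[str]] = {}
    for c in conns:
        # Only TCP sessions that leave the internal estate are of interest here.
        if c.proto != "tcp" or not is_internal(c.src) or is_internal(c.dst):
            continue
        reasons = []
        if c.dport in FTP_PORTS and c.dst not in ALLOWED_FTP_SERVERS:
            reasons.append(REASON_FTP)
        if c.orig_bytes >= MIN_UPLOAD_BYTES and c.orig_bytes > UPLOAD_RATIO * c.resp_bytes:
            reasons.append(REASON_UPLOAD)
        if reasons:
            findings[c.uid] = reasons
    return findings


if __name__ == "__main__":
    for uid, reasons in flag_exfil(parse_conn_log(SAMPLE_CONN_LOG)).items():
        print(uid, "->", "; ".join(reasons))
```

The port rule alone would miss session C5, where the same host pushes 4 MB to the same external server on a non-standard port; the byte-ratio rule catches it, which is why both heuristics are kept. Tune `MIN_UPLOAD_BYTES` and `UPLOAD_RATIO` to your own baseline, since backup agents and cloud sync clients are legitimately upload-heavy.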

The malware is advertised as an educational tool, but attackers have adopted it as an information stealer, according to Cara Lin, a researcher at FortiGuard Labs. In March 2023, Fortinet observed a spike in attacks distributing the malware in the wild, with most targets in Europe and the United States.


On forums such as Cracked, an actor going by the name Kodex sells EvilExtractor. It has been updated continuously with new modules that siphon system metadata, passwords and cookies, and record keystrokes. EvilExtractor can also encrypt data on the victim's device, giving it ransomware functionality. According to reports, the malware was delivered through a phishing email campaign that persuaded users to open a file that looked like a PDF and to confirm their login credentials.
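The lure described above was a file that looked like a PDF. The check below is an added example for this page, not code from the article or from Fortinet: it compares an attachment's declared extension with its leading magic bytes and also catches two filename tricks the article does not mention but that the same lure style commonly relies on, a double extension such as `.pdf.exe` and the Unicode right-to-left override that makes `exe` display as `pdf`. The sample attachments are constructed; a real gateway would apply this to the decoded attachment bytes.

```python
"""Spot attachments that masquerade as PDFs (added example)."""
from typing import Dict, List

# Leading bytes of a few file types; checked in order, first match wins.
MAGIC_SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"MZ", "exe"),        # DOS/PE header used by Windows executables
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),
]
# What content type a given extension is expected to carry.
EXPECTED_KIND = {"pdf": "pdf", "zip": "zip", "exe": "exe", "scr": "exe", "com": "exe"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "msi", "lnk", "hta"}
EXECUTABLE_KINDS = {"exe", "elf"}
RLO = "\u202e"   # Unicode RIGHT-TO-LEFT OVERRIDE

# Constructed sample attachments: name -> first bytes of content.
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "Invoice_2023.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "Account_Details.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff",
    "Statement.pdf": b"MZ\x90\x00\x03\x00",
    "Report" + RLO + "fdp.exe": b"MZ\x90\x00",   # renders as "Reportexe.pdf"
    "archive.zip": b"PK\x03\x04\x14\x00\x00\x00",
}


def sniff_kind(data: bytes) -> str:
    """Classify content by magic bytes; 'unknown' if nothing matches."""
    for magic, kind in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def assess_attachment(name: str, data: bytes) -> List[str]:
    """Return the list of reasons this attachment looks deceptive (empty if clean)."""
    reasons: List[str] = []
    if RLO in name:
        reasons.append("right-to-left override character in filename")
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if len(parts) > 2 and ext in EXECUTABLE_EXTS:
        reasons.append("double extension ending in executable type")
    kind = sniff_kind(data)
    expected = EXPECTED_KIND.get(ext)
    # Only call a mismatch when we positively recognised the content.
    if expected and kind != "unknown" and kind != expected:
        reasons.append(f"extension .{ext} but content is {kind}")
    if kind in EXECUTABLE_KINDS:
        reasons.append(f"executable content ({kind})")
    return reasons


def scan(attachments: Dict[str, bytes]) -> Dict[str, List[str]]:
    return {name: assess_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_ATTACHMENTS).items():
        print(repr(name), "->", reasons or "ok")
```

Note that `Statement.pdf` carries no filename trick at all and is caught only by the magic-byte check, which is the reason to inspect content rather than trust the name or the icon the mail client draws for it.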

EvilExtractor evades detection by hiding behind a .NET loader or PyArmor obfuscation, and it includes destructive capabilities such as a ransomware module. It is a complete data thief: it can also switch on the webcam and capture images.

Separately, the SecureWorks Counter Threat Unit (CTU) described a malvertising and SEO-poisoning campaign that spreads the Bumblebee malware loader through trojanized installers of legitimate software. Bumblebee is a versatile loader that mainly spreads through phishing and is believed to have been created by someone connected to the Conti ransomware operation. Recently there has been a rise in SEO poisoning and fraudulent adverts that send people searching for popular software such as ChatGPT, Cisco AnyConnect, Citrix Workspace and Zoom to fake websites offering infected installers.

To reduce these risks, organisations should ensure that software installers and updates are downloaded only from known, trusted sources. Ordinary users should not have the privileges to install software or run scripts on their devices.

Author: Saher

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
