New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web


April 24, 2023
Nextdoorsec-course

A new malware family named EvilExtractor has surfaced on the underground market. Threat actors using this all-in-one stealer can take files and other information from Windows PCs. The malware is built from several modules: it relies on an FTP server for exfiltration and includes anti-VM and environment-checking features. The primary purpose of EvilExtractor is to upload files and browser data from compromised endpoints to the attacker's FTP server.

The malware is advertised as an educational tool, but attackers have adopted it as an information stealer, according to Cara Lin, a researcher at Fortinet's FortiGuard Labs. In March 2023, Fortinet observed a spike in attacks distributing the malware in the wild, with most targets in Europe and the United States.


On forums such as Cracked, a threat actor using the handle Kodex is selling the malware. It has been updated continuously with additional modules that harvest system metadata, passwords, and cookies and record keystrokes. EvilExtractor can also encrypt data on the victim's device and act as ransomware. According to reports, the malware was used as part of a phishing email campaign that lured users into opening an attachment disguised as a PDF and confirming their login credentials.
</gml_replace>
<gr_replace lines="16" cat="clarify" orig="EvilExtractor may avoid">
EvilExtractor can evade detection by being packed with a .NET loader or PyArmor, and it includes destructive capabilities such as ransomware. It is a full-featured stealer that can even enable the webcam and capture images.

EvilExtractor may avoid suspicion in a.NET importer or PyArmor and includes harmful characteristics, such as ransomware. It is a complete data thief because it can turn on the webcam and take snapshots.

Separately, the SecureWorks Counter Threat Unit (CTU) described a malvertising and SEO poisoning campaign that spreads the Bumblebee malware loader through trojanized installers of legitimate software. Bumblebee is a versatile loader that is mainly distributed through phishing, and it is believed to have been created by someone connected to the Conti ransomware operation. Recently there has been a rise in SEO poisoning and fraudulent adverts that redirect people searching for popular software such as ChatGPT, Cisco AnyConnect, Citrix Workspace, and Zoom to malicious websites serving tampered installers.

To lessen these risks, businesses should ensure that software installations and updates are obtained only from reputable sources, and should restrict users from running arbitrary programs or commands on their devices.

Lucas Maes

Author

Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.
