New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web

Reading Time: ( Word Count: )

April 24, 2023
Nextdoorsec-course

A new malware named EvilExtractor has surfaced in the market. Threat actors with this all-in-one stealer virus may steal files and other information from Windows PCs. The virus consists of several modules that use an FTP server and have anti-VM or environmental testing features. The primary purpose of EvilExtractor is to download files and browsing content from hacked endpoints to the invader’s FTP domain.

Fortinet The virus is advertised as an instructional tool, but hackers have embraced it as a data thief, according to Cara Lin, an expert at FortiGuard Labs. In March 2023, Fortinet saw a spike in assaults dispersing the virus in the wild, with most targets in Europe and the United States.

Also, Read: “Beware of YouTube Videos Distributing Aurora Stealer Malware via Sophisticated Loader”

On websites like Cracked, a hacker going by the name of Kodex is selling ransomware. It has been updated continuously with various modules to siphon system metadata, passwords, cookies, and record keystrokes. EvilExtractor can encrypt data on the victim’s device and perform malware functions. According to reports, the virus was employed as a component of a phishing email attempt that persuaded users to open a file that looked like a file in PDF format and verify their login credentials.

EvilExtractor may avoid suspicion in a.NET importer or PyArmor and includes harmful characteristics, such as ransomware. It is a complete data thief because it can turn on the webcam and take snapshots.

A malvertising and SEO poisoning attempt to spread the Bumblebee virus accelerator through trojanized distributors of trustworthy programs was described by the SecureWorks Counter Threat Unit (CTU). Bumblebee is a versatile loader that mainly spreads via phishing methods. It is believed that someone connected to the Conti ransomware activity created it. Recently, there has been a rise in SEO poisoning and fraudulent adverts that send people looking for famous solutions like ChatGPT, Cisco AnyConnect, Citrix Workspace, and Zoom to fraudulent websites providing contaminated software.

To lessen these risks, businesses should ensure that program installations and upgrades are only obtained from reputable sources. Users should not be permitted to execute programs or issue instructions on their devices.

Lucas Maes

Lucas Maes

Author

Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *