A new Python-based RAT controlled by Evilnum hackers is targeting financial firms

Evilnum hackers have targeted various financial firms by using a new Python-based RAT.

A new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information is being used by hackers in their latest attack.

The Evilnum group has not only stepped up its infection chain but has also deployed a Python RAT called “PyVil RAT”. This RAT can gather information, take screenshots, capture keystroke data, open an SSH shell, and deploy new tools.

Evilnum has been linked to several malware campaigns against companies across the UK and EU involving backdoors written in JavaScript and C#. The APT group was found targeting companies with phishing emails that contain a link to a ZIP file hosted on Google Drive.

The ZIP file can be used to steal software licenses, customer credit card information, and investment and trading documents. The attacks use a JavaScript dropper that delivers malicious payloads hidden in modified versions of legitimate executables in an attempt to escape detection.

The methods and techniques used by the Evilnum hackers have always been new and well developed. Using various new and updated techniques has allowed the group to stay under the radar. NPAV recommends that users and financial sector workers keep their guard up against phishing emails.

Users must refrain from downloading or opening any document or attachment shared via unknown email sources. Downloading a file or simply opening such emails might lead to system and network infections.

Install NPAV on your devices to keep them safe from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.

 
