EvilExtractor: The All-In-One Stealer Malware Available on The Dark Web
EvilExtractor: The All-In-One Stealer Malware Available on The Dark Web
New “all-in-one” stealer malware named EvilExtractor
Fortinet FortiGuard Labs researchers have discovered a new “all-in-one” stealer malware named EvilExtractor that is being sold on cybercrime forums like Cracked. EvilExtractor includes various modules that all operate via an FTP service, and it has environment checking and Anti-VM functions. Its primary purpose is to steal browser data and information from compromised endpoints and then upload it to the attacker’s FTP server. While marketed as an educational tool, it has been adopted by threat actors for use as an information stealer. EvilExtractor is continuously updated and is being used as a comprehensive info stealer with multiple malicious features, including ransomware.
The cybersecurity firm has observed a surge in EvilExtractor attacks spreading in the wild since March 2023, with a majority of victims located in Europe and the U.S. Additionally, the malware has been used as part of a phishing email campaign detected by the company on March 30, 2023. The emails lure recipients into launching an executable that masquerades as a PDF document under the pretext of confirming their “account details.” The malware, besides gathering files, can also activate the webcam and capture screenshots.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Malvertising and SEO Poisoning Campaign Delivers Bumblebee Malware to Unsuspecting Users
Secureworks Counter Threat Unit (CTU) has also detailed a malvertising and SEO poisoning campaign used to deliver the Bumblebee malware loader via trojanized installers of legitimate software.
Bumblebee is a modular loader that’s primarily propagating through phishing techniques and is suspected to be developed by actors associated with the Conti ransomware operation.
The use of SEO poisoning and malicious ads to redirect users searching for popular tools has witnessed a spike in recent months after Microsoft began blocking macros by default from Office files downloaded from the internet.
Trending: Major Cyber Attacks of 2022
Trending: Offensive Security Tool: dontgo403
Mitigation
To mitigate these and similar threats, organizations should ensure that software installers and updates are only downloaded from known and trusted websites. Users should not have privileges to install software and run scripts on their computers.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: info@blackhatethicalhacking.com
Source: thehackernews.com
The post EvilExtractor: The All-In-One Stealer Malware Available on The Dark Web first appeared on Black Hat Ethical Hacking.
About The Author
