Security News > 2020 > September > New Python-based trojan targets financial tech firms to steal sensitive data
Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.
A new remote access trojan is aiming at financial technology companies in the UK and European Union to capture sensitive information through keylogging and screen captures.
The group typically sets its sights on financial technology companies, and mostly those located in the UK and EU. To deploy its malware, Evilnum exploits documents for Know Your Customer regulations, which contain information provided by clients conducting business with various providers.
The Trojan then proceeds to upload and download files, steal cookies, gather antivirus information, and execute various commands.
PyVil RAT was compiled with py2exe, an executable that turns Python scripts into Windows programs and has the ability to download new modules to expand its functionality.