Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms
2022-07-21 12:20

The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities.

"Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.

The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K. Active since 2018, Evilnum is tracked by the wider cybersecurity community using the names TA4563 and DeathStalker, with infection chains culminating in the deployment of the eponymous backdoor that's capable of reconnaissance, data theft, or fetching additional payloads.

Regardless of the distribution vector employed, the attacks lead to the execution of the Evilnum backdoor.

Although no next-stage malware executables were identified, the backdoor is known to act as a conduit to deliver payloads from the malware-as-a-service provider Golden Chickens.

"The group's malware known as Evilnum is under active development."


News URL

https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html