Security News > 2022 > July > Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms
The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities.
"Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.
The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K. Active since 2018, Evilnum is tracked by the wider cybersecurity community using the names TA4563 and DeathStalker, with infection chains culminating in the deployment of the eponymous backdoor that's capable of reconnaissance, data theft, or fetching additional payloads.
Regardless of the distribution vector employed, the attacks lead to the execution of the Evilnum backdoor.
Although no next-stage malware executables were identified, the backdoor is known to act as a conduit to deliver payloads from the malware-as-a-service provider Golden Chickens.
"The group's malware known as Evilnum is under active development."
News URL
https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)