Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms
The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities.
"Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.
The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K. Active since 2018, Evilnum is tracked by the wider cybersecurity community using the names TA4563 and DeathStalker, with infection chains culminating in the deployment of the eponymous backdoor that's capable of reconnaissance, data theft, or fetching additional payloads.
Regardless of the distribution vector employed, the attacks lead to the execution of the Evilnum backdoor.
Although no next-stage malware executables were identified, the backdoor is known to act as a conduit to deliver payloads from the malware-as-a-service provider Golden Chickens.
"The group's malware known as Evilnum is under active development."
News URL
https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html