New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web
A new "All-in-one" stealer malware named EvilExtractor is being marketed for sale to other threat actors for stealing data and files from Windows systems.
The network security company said it has observed a surge in attacks spreading the malware in the wild in March 2023, with a majority of the victims located in Europe and the U.S. While marketed as an educational tool, EvilExtractor has been adopted by threat actors for use as an information stealer.
The "Account Info.exe" binary is an obfuscated Python program designed to launch a .NET loader that uses a Base64-encoded PowerShell script to launch EvilExtractor.
"EvilExtractor is being used as a comprehensive info stealer with multiple malicious features, including ransomware," Lin said.
The findings come as Secureworks Counter Threat Unit detailed a malvertising and SEO poisoning campaign used to deliver the Bumblebee malware loader via trojanized installers of legitimate software.
In one incident described by the cybersecurity firm, the threat actor used the Bumblebee malware to obtain an entry point and move laterally after three hours to deploy Cobalt Strike and legitimate remote access software like AnyDesk and Dameware.
News URL
https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html