A new malware called EvilExtractor is marketed as an educational tool but is being used by threat actors to steal data and files from Windows systems. It contains several modules that all work via an FTP service, and it includes environment-checking and anti-VM functions. EvilExtractor has been observed in the wild since March 2023, with a majority of victims located in Europe and the US. It steals browser data and information from compromised endpoints and then uploads it to the attacker’s FTP server. It can also activate the webcam, capture screenshots, record keystrokes, and act as ransomware by encrypting files on the target system. The malware has been used as part of a phishing email campaign that lures recipients into launching an executable that masquerades as a PDF document. In addition, to tackle the increasing use of malware, organizations should ensure that software installers and updates are downloaded only from known and trusted websites.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: The Hacker News