Cybersecurity Threat Advisory: EvilExtractor malware surge detected
EvilExtractor malware has spiked in Europe and the US. EvilExtractor is distributed through phishing campaigns and can harvest various types of data, including browser history, passwords, and cryptocurrency wallets. This is a concern because of the malware’s ability to evade most antivirus software detection. Barracuda SOC recommends implementing security measures to prevent EvilExtractor malware activity.
What is the threat?
EvilExtractor is an all-in-one stealer malware that is primarily distributed through phishing campaigns. Once a victim opens a malicious file, the malware starts its operation and can extract sensitive information from the infected system, including browser history, cookies, passwords, and cryptocurrency wallets. The malware is equipped with a keylogger that captures keystrokes and logs user activity. It can also take screenshots, capture webcam footage, and steal files. EvilExtractor evades detection by most antivirus software through its encryption and obfuscation techniques.
Why is it noteworthy?
EvilExtractor is particularly concerning because it evades detection by most antivirus software. The threat is especially dangerous for organizations that handle sensitive data, such as financial institutions and healthcare providers. The spike in activity in Europe and the US suggests that the threat actors behind this malware are actively targeting these regions.
What is the exposure or risk?
The exposure or risk from EvilExtractor is significant, as the malware can harvest a variety of sensitive information that can be used for financial gain or other malicious purposes. Organizations that fail to implement adequate security measures are at risk of falling victim to this malware, which could result in financial losses, reputational damage, and legal liabilities.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an EvilExtractor malware attack:
- Deploy a robust endpoint-protection solution, such as SentinelOne
- Educate employees via security awareness training
- Implement multi-factor authentication
- Monitor network activity for anomalies
- Keep software and systems up to date with the latest security patches
- Implement strong password policies
- Limit the amount of sensitive data stored on individual systems
References
For more in-depth information, please visit the following links:
- https://www.bleepingcomputer.com/news/security/evilextractor-malware-activity-spikes-in-europe-and-the-us/
- https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
If you have any questions, please contact our Security Operations Center.