An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information.
In an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called “PyVil RAT,” which possesses abilities to gather information, take screenshots, capture keystrokes data, open an SSH shell and deploy new tools.
“Since the first reports in 2018 through today, the group’s TTPs have evolved with different tools while the group has continued to focus on fintech targets,” the cybersecurity firm said.
“These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)” to spy on its infected targets.
Over the last two years, Evilnum has been linked to several malware campaigns against companies across the UK and EU involving backdoors written in JavaScript and C# as well as through tools bought from the…
http://feedproxy.google.com/~r/TheHackersNews/~3/xUbJtSiDEEw/evilnum-hackers.html