An uptick in EvilExtractor activity aims to compromise endpoints to steal browser data from targets across Europe and the US, researchers say.

Dark Reading Staff, Dark Reading

April 21, 2023


A phishing campaign that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice.

Research this week from FortiGuard Labs details the EvilExtractor attack chain, explaining that it usually starts with a legitimate-seeming Adobe PDF or Dropbox link which, when opened or clicked, instead deploys a malicious PowerShell script, eventually leading to the modular EvilExtractor malware.

"Its primary purpose seems to be to steal browser data and information from compromised endpoints, and then upload it to the attacker’s FTP server," FortiGuard Labs researchers wrote.

The report points out that EvilExtractor was first developed by Kodex, which, despite the tool's obvious name, claims it is an "educational tool." "However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info-stealer," the researchers wrote.
