EvilExtractor malware activity in the U.S. and Europe is increasing, according to reports. The malware is sold as a RaaS for $59 per month.
- EvilExtractor is marketed as a legal tool, but security researchers claim that it is mainly sold on hacking forums through a ransomware-as-a-service model.
- According to statistics, the use of EvilExtractor spiked in March 2023, and it was mostly used through phishing.
- The infection chain begins with a phishing email that contains an infected attachment. The attachment is made to look like a legitimate PDF or Dropbox file.
- When the target opens the file, a PyInstaller file is executed and launches a .NET loader.
- Finally, the EvilExtractor data-stealing module downloads three additional Python components named KK2023, Confirm, and MnMs.zip.
- The first program extracts cookies and password history from browsers.
- The second is a key logger that records the victim's keyboard strokes.
- The third program can activate the webcam, capture video or images, and upload the files to the attacker's FTP server.
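
The first stage described above (an executable dressed up as a PDF or Dropbox file that turns out to be a PyInstaller bundle) can be checked for at the mail gateway. The following is an added example, not code from the original report: the function name, finding labels and sample file names are constructed for illustration, and the lure keywords are an assumption based on the description above.

```python
import re

PE_MAGIC = b"MZ"  # first two bytes of every Windows executable
# Cookie PyInstaller writes at the end of the archive it appends to the EXE.
PYINSTALLER_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Lure keywords taken from the description above (PDF or Dropbox look-alike).
LURE_NAME = re.compile(r"pdf|dropbox", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one e-mail attachment (empty list = nothing flagged)."""
    findings = []
    name = filename.strip().rstrip(".").lower()
    if not data.startswith(PE_MAGIC):
        return findings  # only executables matter for this infection chain
    if LURE_NAME.search(name):
        findings.append("executable-posing-as-document")
    if not name.endswith(EXECUTABLE_EXT):
        findings.append("extension-content-mismatch")
    if PYINSTALLER_COOKIE in data:
        findings.append("pyinstaller-bundle")
    return findings


# Constructed sample inputs (not real samples or real file names).
_STUB_PE = b"MZ" + b"\x00" * 64
SAMPLES = {
    "Account_Info.pdf.exe": _STUB_PE + PYINSTALLER_COOKIE + b"\x00" * 16,
    "Dropbox_share.pdf": _STUB_PE,
    "report.pdf": b"%PDF-1.7\n%%EOF\n",
    "setup.exe": _STUB_PE,
}


def triage_all(samples=SAMPLES):
    """Run the triage over every sample and return {file name: findings}."""
    return {name: triage_attachment(name, blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, result in triage_all().items():
        print(f"{name:24} {result or 'nothing flagged'}")
```

The findings are triage hints rather than a verdict: a rebuilt PyInstaller bootloader can carry a different cookie, so a missing `pyinstaller-bundle` finding does not clear a file.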