Distributed through phishing campaigns, EvilExtractor malware attacks have increased in both Europe and the US. This malware can harvest different types of data, including one's browser history, passwords, and cryptocurrency wallets. What makes this malware dangerous is its ability to evade detection by most antivirus solutions.
More about EvilExtractor?
This malware is an all-in-one stealer which is distributed through phishing campaigns. A victim opens a specially crafted malicious file, and the malware then starts executing its payload. When a system is infected, sensitive information can be easily extracted, including but not limited to:
- Browser History
- Cryptocurrency Wallets
This malware includes a keylogger that records keystrokes and, in turn, logs users' activity. On top of the above, it can also take screenshots, capture webcam footage and steal files.
Due to the sophisticated encryption and obfuscation techniques used by this malware, it can evade most antivirus software.
As mentioned in the previous section, the primary concern this malware brings about is its ability to evade detection by most antivirus software.
This is dangerous in particular for organizations that deal with sensitive information, such as financial institutions and healthcare providers.
The spike in activity targeting the US and Europe shows that the threat actors behind these malware campaigns are actively targeting these regions.
The risks with EvilExtractor Malware.
There are major risks with this malware, given that it can harvest a variety of sensitive data which can be used for financial gain by the threat actors, or for other malicious intent.
Organizations that do not take steps to implement sufficient security measures are at the greatest risk of falling victim to this malware. This could result in legal liabilities, reputational damage, and financial loss.
Recommendations to protect yourself from EvilExtractor.
- Install a robust endpoint protection solution such as SentinelOne.
- Educate employees on how to identify phishing emails.
- Implement and require MFA (multi-factor authentication).
- Monitor for any anomalous network activity.
- Monitor your infrastructure for any vulnerabilities and ensure they are patched if a fix exists for that particular vulnerability.
- Ensure the system is kept up to date with the latest updates for installed software as well as Windows updates.
- Ensure that strong password policies are implemented.
- Limit the sensitive data kept locally and ensure it is stored in a safe location, such as a server, instead of on one's workstation.
If you are looking to minimize cybersecurity threats from this malware or others, reach out to [email protected] to book a free consultation or request a quote for any of our cyber security solutions.