Evil Extractor malware targets Windows devices to steal data
Experts have detected a dangerous new malware strain making the rounds on the internet, stealing victims’ sensitive data and, in some cases, deploying ransomware as well.
The malware, dubbed Evil Extractor, was discovered by cybersecurity researchers at Fortinet, who published their findings in a blog post, noting that it was developed and distributed by a company called Kodex and is being advertised as an “educational tool”.
“FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog,” the researchers said. “It usually pretends to be a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities.”
Avoiding detection
These malicious activities include an environment-analysis tool and an infostealer. That way, the malware first makes sure it’s not being deployed in a honeypot before grabbing as much sensitive information from the endpoint as it can and sending it to the threat actor’s FTP server. It also sports ransomware capabilities.
Called Kodex Ransomware, the tool downloads zzyy.zip from evilextractor[.]com, which carries 7za.exe, the standalone 7-Zip command-line archiver, which it runs with the parameter “-p”, meaning the victim’s files are packed into a password-protected archive.
As usual, the malware then leaves a ransom note demanding $1,000 in Bitcoin in exchange for the decryption key. “Otherwise, you cannot reach your files forever”, the message reads.
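The behaviour described above gives a defender two concrete things to look for on an endpoint: an outbound fetch of the staging archive from the named domain, and a 7-Zip binary creating an archive with the “-p” password switch. The following is an added example, not code from the article or from Fortinet, showing how such checks could be run over process-creation and network log events. The event format, the sample command lines and the hostnames in the sample data are constructed for this illustration; the only indicators taken from the article are the domain, the archive name and the use of 7za.exe with “-p”.

```python
import re
from dataclasses import dataclass

# Indicators quoted in the article's summary of the Fortinet write-up.
# The domain appears defanged on the page; it is refanged here only for matching.
KNOWN_DOMAIN = "evilextractor[.]com".replace("[.]", ".")
KNOWN_ARCHIVE = "zzyy.zip"
# 7za.exe is the standalone 7-Zip console binary; 7z.exe is the installed one.
ARCHIVER_NAMES = {"7za.exe", "7z.exe"}


@dataclass
class Finding:
    event_id: int
    rule: str
    detail: str


def split_windows_cmdline(cmd: str) -> list[str]:
    """Split a Windows command line on whitespace while keeping quoted paths intact."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def is_password_archive_cmd(cmd: str) -> bool:
    """True when a 7-Zip binary is asked to *add* to an archive ('a') with a -p password switch."""
    argv = split_windows_cmdline(cmd)
    if len(argv) < 2:
        return False
    image = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in ARCHIVER_NAMES:
        return False
    # In 7-Zip syntax the command letter is the first argument after the binary.
    adds_to_archive = argv[1].lower() == "a"
    sets_password = any(a.lower().startswith("-p") for a in argv[2:])
    return adds_to_archive and sets_password


def scan_events(events: list[dict]) -> list[Finding]:
    """Apply the two indicator checks to a list of simple log events (constructed format)."""
    findings = []
    for ev in events:
        if ev["type"] == "network":
            host = ev.get("host", "").lower()
            if host == KNOWN_DOMAIN or host.endswith("." + KNOWN_DOMAIN):
                findings.append(Finding(ev["id"], "network-known-domain", host))
            if ev.get("path", "").rsplit("/", 1)[-1].lower() == KNOWN_ARCHIVE:
                findings.append(Finding(ev["id"], "network-known-archive", ev["path"]))
        elif ev["type"] == "process":
            if is_password_archive_cmd(ev["cmd"]):
                findings.append(Finding(ev["id"], "process-7zip-password-archive", ev["cmd"]))
    return findings


# Constructed sample events: two benign, one staging download, one encryption step.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "cmd": r"C:\Windows\System32\notepad.exe C:\Users\a\notes.txt"},
    {"id": 2, "type": "network", "host": "downloads.example.org", "path": "/update.zip"},
    {"id": 3, "type": "network", "host": "evilextractor.com", "path": "/zzyy.zip"},
    {"id": 4, "type": "process",
     "cmd": r"C:\Users\a\AppData\Local\Temp\7za.exe a -pS3cret C:\Users\a\Documents\docs.7z C:\Users\a\Documents\*"},
    # Extracting an archive (command 'x') is ordinary user activity and must not fire.
    {"id": 5, "type": "process", "cmd": r'"C:\Program Files\7-Zip\7z.exe" x C:\Users\a\Downloads\tools.7z'},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"event {f.event_id}: {f.rule}: {f.detail}")
```

The process rule keys on the combination of the add command and the password switch rather than on 7-Zip alone, because the same binary is common on workstations; the domain and archive checks are exact-match indicators and will need updating as the operators rotate infrastructure.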
The malware mostly targets victims in the West, it was said. “We recently reviewed a version of the malware that was injected into a victim’s system and, as part of that analysis, identified that most of its victims are located in Europe and America,” Fortinet claims.
We don’t know if the operators managed to successfully deploy the ransomware anywhere, or how many victims they might have had until today.
Via: Infosecurity Magazine