Researchers have noticed an increase in attacks distributing the EvilExtractor data theft tool, which is being used in Europe and the US to steal consumers’ personal data.
A $59-a-month subscription to Kodex’s EvilExtractor software provides seven attack modules, including Windows Defender bypass, ransomware, and credential extraction.
According to information provided to BleepingComputer, EvilExtractor is mostly advertised to threat actors on hacking forums even though it is marketed as a legitimate tool.
Allan Liska, a security intelligence analyst at Recorded Future, told BleepingComputer that the company first discovered EvilExtractor being marketed on the Cracked and Nulled forums in October 2022.
Since February 2022, other security researchers have been monitoring the development of EvilExtractor and the malicious attacks that use it, and reporting their findings on Twitter.
According to Fortinet, threat actors use EvilExtractor in the wild as information-stealing malware.
Attack statistics gathered by the cybersecurity firm show that the use of EvilExtractor peaked in March 2023, with the majority of infections originating from a linked phishing campaign.
Expansion in phishing attacks
Fortinet said that the attacks it observed began with phishing emails that looked like account confirmation requests and carried a gzip-compressed executable attachment. This executable, which is actually a Python program, is designed to look like a genuine PDF or Dropbox file.
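As an added example (not from Fortinet's report or the original article), here is a defender-side triage check for the delivery pattern described above: it unpacks a gzip attachment under a size cap and flags Windows executable content carried under a document-style name. The extension list, size cap, finding labels and sample file names are assumptions, and the sample inputs are constructed.

```python
import gzip
import struct
import zlib

MAX_UNPACK = 32 * 1024 * 1024                     # decompression cap (assumed policy value)
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}  # assumed lure extensions

def is_pe(data: bytes) -> bool:
    """True for an MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def gunzip_limited(blob: bytes, limit: int = MAX_UNPACK) -> bytes:
    """Decompress a gzip stream, refusing oversized or truncated input."""
    d = zlib.decompressobj(wbits=31)              # wbits=31 selects the gzip container
    out = d.decompress(blob, limit)
    if not d.eof:                                 # end-of-stream marker never reached
        raise ValueError("stream truncated or larger than limit")
    return out

def triage_attachment(filename: str, blob: bytes) -> list:
    """Return findings for one mail attachment, judged by content rather than name."""
    findings, payload = [], blob
    if blob[:2] == b"\x1f\x8b":                   # gzip magic bytes
        findings.append("gzip-compressed")
        try:
            payload = gunzip_limited(blob)
        except (zlib.error, ValueError) as exc:
            return findings + [f"unpack-failed: {exc}"]
    if is_pe(payload):
        findings.append("windows-executable")
        # Any document extension in the name contradicts the executable content.
        if DOC_EXTS & set(filename.lower().split(".")[1:]):
            findings.append("document-name-on-executable")
    return findings

def constructed_samples() -> dict:
    """Constructed inputs: a minimal PE-shaped header and a PDF stub, both gzipped."""
    pe = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    return {"Account_Info.pdf.gz": gzip.compress(pe),
            "report.pdf.gz": gzip.compress(b"%PDF-1.7\n% constructed stub\n")}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage_attachment(name, blob))
```

The check keys on file content, so renaming the attachment does not change the "windows-executable" finding; only the name-mismatch finding depends on the file name.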
Fortinet says that Kodex, the tool’s creator, has upgraded EvilExtractor numerous times since its initial release in October 2022 to give it additional power and stability.
Users are encouraged to be wary of unsolicited emails, because detections in the wild show that EvilExtractor is gaining popularity in the cybercrime community.