Evil Extractor malware targets Windows devices to steal data

In some cases it even deploys ransomware as well

Experts have detected a dangerous new malware strain circulating on the internet, stealing victims' sensitive data and, in some cases, deploying ransomware as well.

The malware, dubbed Evil Extractor, was discovered by cybersecurity researchers at Fortinet, who published their findings in a blog post, noting it was developed and distributed by a company called Kodex and is advertised as an “educational tool”.

“FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog,” the researchers said. “It usually pretends to be a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities.”

Avoiding detection

These malicious activities include an environment-analysis tool and an infostealer: the malware first checks that it is not being deployed in a honeypot, then grabs as much sensitive information from the endpoint as it can and sends it to the threat actor's FTP server. It also sports ransomware capabilities.

Called Kodex Ransomware, the tool downloads zzyy.zip from evilextractor[.]com, which carries 7za.exe, an executable that encrypts files with the parameter “-p”, meaning the files get zipped with a password.

As usual, the malware then leaves a ransom note, demanding $1,000 in Bitcoin, in exchange for the decryption key. “Otherwise, you cannot reach your files forever”, the message reads.
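A defender-side check for the archiving pattern described above, added here as an example that is not from the article or from Fortinet's report: it parses constructed process-creation records (an assumed, simplified Sysmon-style JSON shape) and flags 7za.exe invocations that carry the "-p" password switch. The "a" (add) command letter and the "-mhe" header-encryption switch are standard 7-Zip syntax, not details given in the article.

```python
import json
import ntpath
import shlex

# Constructed process-creation records in a simplified Sysmon-style JSON shape (an assumed
# format, not Fortinet's telemetry). Only the first one matches the article's pattern.
SAMPLE_LOGS = [
    r'{"image": "C:\\Users\\bob\\AppData\\Local\\Temp\\7za.exe", '
    r'"command_line": "7za.exe a -pP4ssw0rd -mhe=on C:\\Users\\bob\\Documents.zip C:\\Users\\bob\\Documents\\*"}',
    r'{"image": "C:\\Program Files\\7-Zip\\7z.exe", '
    r'"command_line": "\"C:\\Program Files\\7-Zip\\7z.exe\" x backup.7z -oC:\\restore"}',
    r'{"image": "C:\\Users\\bob\\Downloads\\7za.exe", "command_line": "7za.exe l archive.zip"}',
    "not a json record",
]


def split_command_line(command_line):
    """Split a Windows command line on whitespace, keeping backslashes literal."""
    lexer = shlex.shlex(command_line, posix=False)
    lexer.whitespace_split = True
    lexer.commenters = ""  # a '#' inside a password must not truncate the token
    return [token.strip('"') for token in lexer]


def analyse_record(record):
    """Return a finding when 7za.exe runs with a -p (password) switch, else None."""
    try:
        event = json.loads(record)
    except json.JSONDecodeError:
        return None
    if ntpath.basename(event.get("image", "")).lower() != "7za.exe":
        return None
    args = split_command_line(event.get("command_line", ""))
    if not any(arg.startswith("-p") for arg in args[1:]):
        return None
    command = args[1] if len(args) > 1 else ""  # 7-Zip command letter, e.g. 'a' = add to archive
    return {
        "image": event["image"],
        "command": command,
        "encrypts_headers": any(arg.startswith("-mhe") for arg in args),
        # an 'a' (add) command combined with a password is the archive-as-ransomware pattern
        "severity": "high" if command == "a" else "medium",
    }


def scan(lines):
    """Run analyse_record over every log line and keep the findings."""
    return [finding for finding in map(analyse_record, lines) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

Extracting a legitimate 7-Zip installation (second record) and listing an archive without a password (third record) produce no finding; a renamed binary would need an additional check on the file's hash or original filename.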

The malware mostly targets victims in the West, the researchers said. “We recently reviewed a version of the malware that was injected into a victim’s system and, as part of that analysis, identified that most of its victims are located in Europe and America,” Fortinet claims.

We don’t know if the operators managed to successfully deploy the ransomware anywhere, or how many victims they might have had until today.

Via: Infosecurity Magazine

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
