Subj : Evil Extractor malware targets Windows devices to steal data
To   : All
From : TechnologyDaily
Date : Mon Apr 24 2023 18:30:03

Date: Mon, 24 Apr 2023 17:18:57 +0000
Description: In some cases, the malware also deploys ransomware and asks for $1,000 in Bitcoin in exchange for the decryption key.

FULL STORY
======================================================================

Experts have detected a dangerous new malware strain making the rounds on the internet, stealing victims' sensitive data, and in some cases, even deploying ransomware as well.

The malware, dubbed Evil Extractor, was discovered by cybersecurity researchers at Fortinet, who published their findings in a blog post, noting it was developed and distributed by a company called Kodex, and is being advertised as an educational tool.

"FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog," the researchers said. It usually pretends to be a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities.

Avoiding detection

These malicious activities include an environment-analysis tool, and an infostealer. That way, the malware would first make sure it's not being deployed in a honeypot, before grabbing as much sensitive information from the endpoint as it can and sending it to the threat actors' FTP server.

It also sports ransomware capabilities. Called Kodex Ransomware, the tool downloads zzyy.zip from evilextractor[.]com, which carries 7za.exe, an executable that encrypts files with the parameter -p, meaning the files get zipped with a password.

As usual, the malware then leaves a ransom note, demanding $1,000 in Bitcoin, in exchange for the decryption key. "Otherwise, you cannot reach your files forever," the message reads.
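
A defender-side check for the behaviour described above, added here as an example (it is not code from the article or from Fortinet): it parses process-creation command lines and flags 7-Zip runs that create an archive with the -p switch. The event layout, host names and command lines are constructed for illustration.

```python
import ntpath
import shlex

# 7-Zip console binaries; 7za.exe is the one the article names.
SEVENZIP_NAMES = {"7za.exe", "7z.exe", "7zr.exe"}

def parse_7zip(cmdline):
    """Return (command, has_password, archive) for a 7-Zip command line, else None."""
    try:
        # posix=False keeps Windows backslashes literal and quoted paths whole.
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        return None
    if not tokens or ntpath.basename(tokens[0].strip('"')).lower() not in SEVENZIP_NAMES:
        return None
    switches = [t for t in tokens[1:] if t.startswith("-")]
    positional = [t.strip('"') for t in tokens[1:] if not t.startswith("-")]
    command = positional[0].lower() if positional else None
    archive = positional[1] if len(positional) > 1 else None
    # 7-Zip takes the password attached to the switch: -pSECRET (bare -p prompts).
    has_password = any(s.lower().startswith("-p") for s in switches)
    return command, has_password, archive

def flag_password_archiving(events):
    """Return (host, archive) for events that create or update an archive with -p."""
    hits = []
    for ev in events:
        parsed = parse_7zip(ev["cmdline"])
        if parsed and parsed[0] in ("a", "u") and parsed[1]:
            hits.append((ev["host"], parsed[2]))
    return hits

# Constructed process-creation events (not taken from the Fortinet report).
SAMPLE_EVENTS = [
    {"host": "WS-01", "cmdline": r"C:\Users\Public\7za.exe a -pExamplePass C:\Users\alice\Documents.zip C:\Users\alice\Documents"},
    {"host": "WS-02", "cmdline": r'"C:\Program Files\7-Zip\7z.exe" x backup.7z -pExamplePass -oC:\restore'},
    {"host": "WS-03", "cmdline": r"7za.exe a -mx9 logs.zip C:\logs"},
    {"host": "WS-04", "cmdline": r"powershell.exe -nop -c Get-Process"},
]

if __name__ == "__main__":
    for host, archive in flag_password_archiving(SAMPLE_EVENTS):
        print(f"{host}: password-protected archive created: {archive}")
```

Password-protected archiving also has legitimate uses, so a hit is a lead to correlate with the binary's path and parent process, not a verdict.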

The malware mostly targets victims in the West, it was said.

"We recently reviewed a version of the malware that was injected into a victim's system and, as part of that analysis, identified that most of its victims are located in Europe and America," Fortinet claims. We don't know if the operators managed to successfully deploy the ransomware anywhere, or how many victims they might have had until today.

Via: Infosecurity Magazine

======================================================================
Link to news story:
https://www.techradar.com/news/evil-extractor-malware-targets-windows-devices-to-steal-data

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)