APT group Evilnum, known for targeting financial technology companies using fake know your customer (KYC) documents, has recently gone through a major change in tactics and arsenal that the FinTech sector should be made aware of, according to an investigation by Cybereason.
First identified back in 2018, Evilnum has upgraded its attack capabilities on many occasions. Its main function is to spy on its infected targets and steal information such as passwords, documents, browser cookies and email credentials.
According to Tom Fakterman, threat researcher at Cybereason, the group's infection process has changed significantly in recent weeks. Instead of delivering four different LNK files in a zip archive that will be replaced by a JPG file, only one LNK is archived, which masquerades as a PDF containing several documents such as utility bills and credit card photos.
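As an added illustration of how a defender might screen inbound archives for the lure pattern described above (a single LNK posing as a PDF), the following Python is example code written for this page, not Cybereason's tooling; the sample archives, the decoy extension list and the field names are constructed assumptions. The LNK header check uses the documented ShellLinkHeader magic so a renamed shortcut is caught even without a .lnk suffix.

```python
import io
import zipfile

# ShellLinkHeader: HeaderSize 0x4C followed by LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")
# Document/image extensions an LNK commonly hides behind in lure archives (constructed list)
DECOY_EXTENSIONS = (".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx")


def lnk_lures(zip_bytes):
    """Return archive members that are LNK files, detected by name or by content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            by_name = lower.endswith(".lnk")
            by_content = head == LNK_MAGIC
            if not (by_name or by_content):
                continue
            # Strip ".lnk" and see whether a document extension is left ("id.pdf.lnk" -> ".pdf")
            stem = lower[:-4] if by_name else lower
            decoy = next((e for e in DECOY_EXTENSIONS if stem.endswith(e)), None)
            findings.append({"name": info.filename, "lnk_header": by_content, "decoy_ext": decoy})
    return findings


def is_single_lnk_archive(zip_bytes):
    """True when the archive's only file is an LNK, the pattern described in the text."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        n_files = sum(1 for i in zf.infolist() if not i.is_dir())
    return n_files == 1 and len(lnk_lures(zip_bytes)) == 1


def build_archive(members):
    """Construct an in-memory zip for demonstration (sample data, not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one LNK posing as a PDF of KYC documents, and a benign archive
LURE = build_archive({"KYC_documents.pdf.lnk": LNK_MAGIC + b"\x00" * 56})
BENIGN = build_archive({"invoice.pdf": b"%PDF-1.4 ...", "scan.jpg": b"\xff\xd8\xff\xe0"})

if __name__ == "__main__":
    print(lnk_lures(LURE), is_single_lnk_archive(LURE))
    print(lnk_lures(BENIGN), is_single_lnk_archive(BENIGN))
```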
This new Python RAT was observed to have various functionalities including keylogging, running cmd commands, taking screenshots and opening an SSH shell. It can also deploy new tools, adding more functionalities to the attack when necessary.
Fakterman said: "This innovation in tactics and tools is what allowed the group to stay under the radar, and we expect to see more in the future as the Evilnum group's arsenal continues to grow."
In addition, Cybereason revealed Evilnum has ramped up its infrastructure recently, along with the list of domains associated with its C2 IP address, which changes every few months.
Despite these changes, Fakterman noted that "the main method of gaining initial access to their FinTech targets stayed the same: using fake KYC documents to trick employees of the finance industry into triggering the malware."
Speaking to Infosecurity, Fakterman commented: "Evilnum has gone to great lengths to evade prevention-focused security tools, which underscores the need for organizations to invest in effective detection and response capabilities that allow for deep threat hunting on the network in order to identify threats designed to bypass initial layers of security.
"In addition, enterprises should provide their employees with regular security awareness training to better prepare them for cyber-risks such as phishing. Also, employees should never open attachments from suspicious sources or visit dubious sites, and should send suspicious emails to the IT/security team for vetting."