Hackers target cryptocurrency and commodities platforms using Evilnum malware
On Thursday, the advanced persistent threat (APT) actor tracked as Evilnum was reported to be once again exhibiting signs of renewed activity targeted at European financial and investment entities.
According to a report shared by Hacker News, the American enterprise security company Proofpoint said: “Evilnum is a backdoor that can be used for data theft or to load additional payloads. The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software.”
Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest series of attacks is said to have started in late 2021.
According to Hacker News, the findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K.
Active since 2018, Evilnum is tracked by the wider cybersecurity community under the names TA4563 and DeathStalker, with infection chains culminating in the deployment of the eponymous backdoor, which is capable of reconnaissance, data theft, or fetching additional payloads.
“The latest set of activities flagged by Proofpoint incorporate updated tactics, techniques, and procedures (TTPs), relying on a mix of Microsoft Word, ISO, and Windows Shortcut (LNK) files sent as email attachments in spear-phishing emails to the victims,” according to Hacker News.
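The delivery formats named above (Word documents, ISO images and LNK shortcuts arriving as e-mail attachments) are something a mail gateway or SOC script can triage before a user opens them. The following is an added example written for this article, not tooling from Proofpoint or Hacker News. It builds a constructed sample message, then flags attachments both by extension and by content signature (the LNK header magic and the ISO 9660 `CD001` volume descriptor), so a shortcut renamed to look like a PDF is still caught. The file names and message contents are constructed; the `triage` and `build_sample` helpers are hypothetical names chosen for this example.

```python
"""Triage e-mail attachments for Word, ISO and LNK delivery formats.

Added example for this article (hypothetical helper names, constructed sample
message). Detection is on content signatures as well as file extension, so a
disguised attachment is reported with an "extension mismatch" reason.
"""
import email
import os
from email import policy
from email.message import EmailMessage
from typing import Optional

# LNK: HeaderSize 0x0000004C followed by the start of the ShellLink CLSID.
LNK_MAGIC = b"L\x00\x00\x00\x01\x14\x02\x00"
# ISO 9660: primary volume descriptor in sector 16, byte 0 = type 1, bytes 1-5 = "CD001".
ISO_PVD_OFFSET = 0x8001
ISO_MAGIC = b"CD001"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # .docx/.docm (OOXML is a zip container)
RISKY_EXT = {".doc", ".docm", ".docx", ".iso", ".img", ".lnk"}


def classify_bytes(data: bytes) -> Optional[str]:
    """Return the container type recognised from the first bytes, or None."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if len(data) > ISO_PVD_OFFSET + len(ISO_MAGIC) and \
            data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    if data.startswith(OLE_MAGIC):
        return "doc"
    if data.startswith(ZIP_MAGIC):
        return "docx"  # any zip matches; treat as "needs review", not proof of Office content
    return None


def triage(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return one finding per suspicious attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        data = part.get_payload(decode=True) or b""
        kind = classify_bytes(data)
        reasons = []
        if ext in RISKY_EXT:
            reasons.append(f"extension {ext}")
        if kind:
            reasons.append(f"content signature {kind}")
        if kind == "lnk" and ext != ".lnk":
            reasons.append("extension mismatch")
        if reasons:
            findings.append({"name": name, "kind": kind, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed sample message with three flagged and one benign attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "constructed sample message"
    msg.set_content("See attached.")
    # Constructed LNK-like blob: valid header magic followed by zero padding.
    lnk_blob = LNK_MAGIC + b"\x00" * 60
    msg.add_attachment(lnk_blob, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.lnk")
    # Constructed ISO-like blob: zeros with a type-1 descriptor and "CD001" at the PVD position.
    iso = bytearray(ISO_PVD_OFFSET + 16)
    iso[ISO_PVD_OFFSET - 1] = 1
    iso[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    msg.add_attachment(bytes(iso), maintype="application", subtype="octet-stream",
                       filename="statement.iso")
    # Same LNK bytes under a misleading name: caught by signature, reported as a mismatch.
    msg.add_attachment(lnk_blob, maintype="application", subtype="pdf", filename="report.pdf")
    # Benign text attachment: should not be flagged.
    msg.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
```

Run against a real mailbox export, the same `triage` function accepts any raw message bytes; the signature checks are what make it useful, since extension blocking alone misses a shortcut saved under a document-like name.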