Evilnum, tracked as an Advanced Persistent Threat (APT), has shown signs of activity focused on European financial institutions. The targets were companies operating foreign exchanges, cryptocurrency platforms, and decentralized finance (DeFi), with the activity beginning in late 2021.
The security firm Proofpoint states, "Evilnum is a backdoor that can be used for data theft or to load additional payloads. The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software."
Evilnum isn't anything new; developed in 2018 under the names TA4563 and DeathStalker, Evilnum has been infecting numerous firms by employing backdoor surveillance, data breaches, and "fetching additional payloads." Typically, Evilnum arrives as an attachment to a phishing email.
Sherrod DeGrippo, VP of Proofpoint, states that "financial organizations, especially those operating in Europe and with cryptocurrency interests, should be aware of TA4563 activity. The group's malware known as Evilnum is under active development."