Original Release Date: 9/10/2020
Cybercriminal group Evilnum, known to target the financial sector, has changed tactics in recent months. The group is employing PyVil, a new Python remote access trojan (RAT), which enables the threat actor to exfiltrate data, log keystrokes, take screenshots, and download additional tools and malware. PyVil is delivered to targets via phishing emails with Know Your Customer/Client (KYC) themes that include an LNK file attachment containing a dropper, which delivers the RAT.
The NJCCIC recommends organizations employ a defense-in-depth cybersecurity program that includes user awareness training, an endpoint detection and response solution, an email security gateway, and a comprehensive data backup plan. For more information on recent Evilnum activity and the group's use of the PyVil RAT, review the Cybereason blog post.