The new malware trojan PyVil RAT is the new discovery of researchers and the team that seems to be spreading it is Evilnum.
A new trojan malware has been detected in a campaign targeting financial technology organizations for stealing email addresses, passwords and other sensitive corporate information.
Known as Evilnum, the APT team first appeared in 2018 and one of the reasons for its success is how often it changes tools and tactics as it targets Fintech-related companies located primarily in Europe and United Kingdom, although some victims are also in America and Australia.
The malware trojan, discovered by Cybereason researchers and named PyVil RAT, allows intruders to steal corporate information using keylogging and take screenshots. It also has the ability to collect information about the infected system, including the current version of Windows, which antivirus are installed and if there are connected devices USB.
Evilnum's previous attacks had started with highly targeted phishing emails, and the PyVil delivery campaign is something like this, though instead of delivering files zip as before, emails are delivered containing an LNK file disguised as PDF.
Phishing emails claim to contain bank-related identification documents, credit card documents or even driver's license photos.
While it remains unclear who the cybercriminals behind Evilnum are, the highly targeted nature of the attacks combined with the way they constantly change their tactics leads researchers to believe that they are a group of real professionals.
The Evilnum team is believed to remain active for a long time and it is only a matter of time before it changes its tools and techniques again.