Cybereason's Nocturnus Researchers Discover a New Cyber Threat Against UK and European Union Financial Technology Companies
Friday, September 11, 2020
Cybereason's Nocturnus team has been tracking recent developments from the APT Group EvilNum as they increase their attacks on UK and European Union financial technology companies.
BOSTON, Sept. 3, 2020 /PRNewswire-PRWeb/ -- Cybereason, a leader in endpoint security, today unveiled new research from its Nocturnus Research team, titled No Rest for the Wicked: EvilNum Unleashes PyVil RAT. The research details a new targeted and widespread threat against UK and European Union financial technology companies by the EvilNum APT Group. Cybereason researchers also discovered PvVil, a new Python-scripted Remote Access Trojan (RAT), being deployed to steal passwords, documents, browser cookies and email credentials.
Nocturnus discovered EvilNum using several new tricks to deploy the PvVil RAT malware, including a significant deviation from previously observed tools, from the infection chain through persistence and infrastructure, including:
-- Modified versions of legitimate executables employed in an attempt to
remain undetected by security tools.
-- Infection chain shift from a JavaScript Trojan with backdoor
capabilities to a multi-process delivery procedure of the payload.
-- The new Python-scripted RAT dubbed PyVil RAT was compiled with py2exe,
which has the capability to download new modules to expand
functionality.
"The EvilNum group is continuing the time-tested infection method of using phishing emails to infect enterprises. Enterprises need to constantly evolve their security stack to enable easier discovery and remediation of threats. The employees of enterprises shouldn't open email attachments from unknown sources and should avoid downloading information from dubious websites," said Tom Fakterman, Threat Researcher, Cybereason.
For a copy of the EvilNum research, visit: https://www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat
About Cybereason
Cybereason, creators of the leading Cybereason Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint prevention, detection and response and active monitoring. The solution delivers multi-layered endpoint prevention by leveraging signature and signatureless techniques to prevent known and unknown threats in conjunction with behavioral and deception techniques to prevent ransomware and fileless attacks. Cybereason is a privately held, international company, headquartered in Boston, MA with customers in more than 30 countries.
Learn more: https://www.cybereason.com
Follow us: Blog | Twitter | Facebook
Media Contacts:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261
SOURCE Cybereason
|
|
|
|
|
 |
Indusface redefines WAAP user experience with industry-first innovations in AppTrana | Mar 28, 2025
|
|
EXECUTIVE PRODUCER BRADLEY COOPER'S FILM CAREGIVING TO PREMIERE ON PBS FOR NATIONWIDE BROADCAST JUNE 24 STREAMING BEGINS MAY 27 | Mar 28, 2025
|
|
Trend Micro Launches Voice-Enabled ScamCheck Capability to Help Protect Consumers from the Rising Threat of Global Scams | Mar 28, 2025
|
|
Splitit Unveils First Fully Embedded White-Label Installment Solution for Shopify Merchants | Mar 28, 2025
|
|
/C O R R E C T I O N -- Bell Canada (MTL)/ | Mar 28, 2025
|
|
Keeper Security Unveils Latest WearOS App for Seamless Password Management | Mar 28, 2025
|
|
Leading Endpoint Protection Solutions for Combatting Cyberthreats Identified in Info-Tech Research Group's New Emotional Footprint Report | Mar 28, 2025
|
|
Hornetsecurity named Top Player in Radicati's Secure Email - Market Quadrant 2025 | Mar 28, 2025
|
|
Ontinue Research Reveals Ransomware Attacks Surged 132% Despite 35% Drop in Payments | Mar 28, 2025
|
|
Identity Theft After a Data Breach? Legal Action May Recover Your Losses | Console & Associates | Mar 28, 2025
|
|
|
