"Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms"

Evilnum, an Advanced Persistent Threat (APT) actor, is showing signs of activity targeted at European financial and investment sectors. According to Proofpoint researchers, Evilnum is a backdoor that allows malicious actors to steal data or load additional payloads. The malware has various components that it uses to avoid detection and to alter its infection pathways in response to known antivirus products. Organizations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi) are among the targets. The most recent wave of attacks is said to have begun in late 2021. Active since 2018, Evilnum is also known as TA4563 and DeathStalker in the cybersecurity community, with infection chains culminating in the deployment of a backdoor capable of reconnaissance, data theft, or fetching additional payloads. Its most recent set of activities includes updated tactics, techniques, and procedures (TTPs), relying on a mix of Microsoft Word, ISO, and Windows Shortcut (LNK) files sent as attachments in spear-phishing emails to victims. Other variants of the campaign spotted in early 2022 used financial incentives to entice recipients to open LNK files in malicious ZIP archive attachments or to click OneDrive URLs that contain either an ISO or an LNK file. In another case, the actor changed their strategy to deliver macro-laden Microsoft Word documents containing obfuscated JavaScript code designed to launch the backdoor binary. This article continues to discuss findings regarding the Evilnum malware.

THN reports "Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms"

Submitted by Anonymous on