Researchers from several security firms have been reporting a rise in data theft tools in the US and Europe.
One such data theft tool, named Evil Extractor, was used to steal sensitive data from users.
A cybersecurity firm first observed these attacks and noted that the tool is made up of several modules.
According to the threat intelligence analyst, the data theft tool was being sold on various forums.
Attacks using Evil Extractor have risen since March 2023, and the majority of them are phishing attacks.
The attack starts with a phishing email that impersonates an account confirmation request and contains a Zip attachment.
The file launches a .NET loader, which uses a base64-encoded PowerShell script to start EvilExtractor.
The module is a keylogger that records the target's keyboard input and saves it in a local folder to be exfiltrated.
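
For defenders, the base64-encoded PowerShell stage described above can be surfaced from process-creation logs. The following is an added example, not code from the original report or from the malware: it assumes the script is passed on the command line via PowerShell's `-EncodedCommand` option (the page only says the script is base64 encoded), and the event fields `parent` and `cmdline`, the path heuristic and the sample events are all constructed for illustration.

```python
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand, plus the alias -ec.
FLAG = re.compile(r"\s[-/](e[a-z]*)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)
# Assumption: a loader unpacked from a mail attachment runs from a user-writable path.
USER_PATHS = ("\\appdata\\local\\temp\\", "\\downloads\\")

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline is an encoded PowerShell launch, else None."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return None
    for flag, blob in FLAG.findall(cmdline):
        flag = flag.lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # e.g. -ExecutionPolicy, which also starts with "e"
        try:
            # -EncodedCommand expects base64 over UTF-16LE text.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            return None
    return None

def triage(events):
    """Return (parent, decoded_script, from_user_path) for each encoded launch."""
    hits = []
    for ev in events:
        script = decode_encoded_command(ev["cmdline"])
        if script is not None:
            suspicious = any(p in ev["parent"].lower() for p in USER_PATHS)
            hits.append((ev["parent"], script, suspicious))
    return hits

def enc_utf16(script):
    """Helper that builds a benign encoded argument for the constructed samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"parent": r"C:\Users\alice\AppData\Local\Temp\constructed_loader.exe",
     "cmdline": "powershell.exe -NoProfile -enc " + enc_utf16("Write-Output 'constructed sample'")},
    {"parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"parent": r"C:\Program Files\Mgmt\agent.exe",
     "cmdline": "powershell.exe -EncodedCommand " + enc_utf16("Get-Date")},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Encoded launches from management tooling are common, so the decoded script and the parent path are returned together for an analyst to judge rather than treated as a verdict.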