ESET dissects malware stealing financial data

Evilnum’s main targets are financial technology companies


According to ESET, Evilnum, an advanced threat group, has been targeting European fintechs since 2018. The EU and the UK have been hit the hardest, although Australia and Canada have also seen attacks.

Evilnum’s main goal is to spy on its targets and obtain financial data from both the targeted companies and their customers.

“While this malware has been seen in the wild since at least 2018 and documented previously, little has been published about the group behind it and how it operates. Its toolset and infrastructure have evolved and now consist of a mix of custom, homemade malware combined with tools purchased from Golden Chickens, a Malware-as-a-Service provider whose infamous customers include FIN6 and Cobalt Group,” said Matias Porolli, the ESET researcher leading the investigation into Evilnum.

Evilnum steals customer credit card information, proof of address, and ID data. The group also gains access to spreadsheets and documents with customer lists, investments, and trading operations.

It also steals software licenses and credentials for trading software and platforms. The group has also gained access to IT-related information, such as VPN configurations.

We’ve reported that European organizations have a false sense of security when it comes to protecting themselves. In fact, 68% see themselves as vulnerable, compared to 86% in 2018.
