Evilnum steals payment information from companies and their customers | 10.07.2020
ESET has detected the Evilnum spyware, which targets fintech companies and their customers.
Evilnum steals confidential data: information about credit card numbers and identity documents; spreadsheets and documents with lists of customers and information about
investments and trading transactions; internal presentations; software licenses and credentials for trading software and trading platforms; and e-mail
credentials. The criminals can also gain access to information related to IT infrastructure, for example, a VPN configuration.
The user receives an e-mail with a link to Google Drive, from which a ZIP file can be downloaded. It contains several LNK files (shortcuts) that extract and launch a malicious
JavaScript component while a decoy document is displayed. The decoy documents, in turn, appear harmless.
The documents used as decoys are, as a rule, photos of credit cards, identification documents, or invoices with proof of address, since many
financial institutions are required to obtain some of these from their customers.
The JavaScript component can be used to deploy other malware. Each component has its own C&C server and can act independently.
The malware can receive commands, including: collecting and sending passwords stored in Google Chrome; stopping and removing the malware; collecting Google Chrome cookies and sending them to the C&C server;
and saving screenshots.
Eset