Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors.
The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms.
Its targets are both companies and their customers, the objective being to steal financial information. An investigation by cybersecurity company ESET into Evilnum’s activity reveals that the group is looking for the following types of data:
- spreadsheets and documents with investment and trading operations
- internal presentations
- licenses and credentials for trading software
- cookies and session info from Google Chrome
- email logins
- customer credit card data and proof of identity
Source: Bleeping Computer