APT Group Targeting FinTech Sector Changes Method of Attack

Posted September 4, 2020

  • APT group Evilnum, known for targeting financial technology companies with fake know your customer (KYC) documents, has recently made significant changes to its tactics and tooling that the FinTech sector should be aware of…
  • Instead of delivering four different LNK files in a ZIP archive, each of which would be replaced by a JPG file, the archive now holds a single LNK file that masquerades as a PDF containing several documents, such as utility bills and credit-card photos.
  • When the LNK file is executed, a JavaScript file is written to disk and run, and the LNK file is replaced with a decoy PDF.
  • This JavaScript is the first stage of the infection chain, which ends with the delivery of a new Python RAT developed by Evilnum, dubbed PyVil RAT.
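A triage check for the delivery pattern described above (a single LNK posing as a PDF of KYC documents inside a ZIP), as an added example that is not part of the original article and not Cybereason's or Evilnum's code. It flags archive members that carry a shell-link header, that end in .lnk, or that hide .lnk behind a document extension. The ZIP it scans is constructed in memory; the member names and the header-only check are assumptions for illustration, not details from the report.

```python
"""Flag Windows shortcut (.lnk) files that masquerade as documents inside a ZIP.

Added example (not from the original article): a triage helper for
LNK-in-ZIP lures. The sample archive below is constructed in memory.
"""
from __future__ import annotations

import io
import zipfile

# MS-SHLLINK: every .lnk begins with HeaderSize 0x0000004C (little-endian)
# followed by LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = (
    b"\x4c\x00\x00\x00"
    b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
)

# Extensions a lure typically imitates ("bills.pdf.lnk", "scan.jpg.lnk").
# Assumed list for this example; extend to taste.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}


def is_lnk_content(data: bytes) -> bool:
    """True if the first bytes match the shell-link header."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def classify_member(name: str, data: bytes) -> list[str]:
    """Return the reasons this archive member looks like an LNK lure (empty if none)."""
    reasons = []
    base = name.rsplit("/", 1)[-1]  # ignore any directory part
    parts = base.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner_ext = parts[-2] if len(parts) > 2 else ""

    if ext == "lnk":
        reasons.append("shortcut file delivered inside archive")
        if inner_ext in DECOY_EXTENSIONS:
            reasons.append(f"double extension imitates .{inner_ext}")
    if is_lnk_content(data):
        if ext != "lnk":
            # Content is a shell link but the name says otherwise.
            reasons.append(f"LNK header but named .{ext or '(none)'}")
    elif ext == "lnk":
        reasons.append("named .lnk but content is not a shell link")
    return reasons


def scan_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)  # the header is all the check needs
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one decoy-named LNK plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("KYC/Utility_bill_and_cards.pdf.lnk", LNK_MAGIC + b"\x00" * 48)
        zf.writestr("KYC/readme.txt", b"not a shortcut\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(why))
```

Running it against the constructed archive flags only the shortcut, for both the .lnk extension and the .pdf double extension. Because the header is checked as well as the name, a shell link renamed to plain .pdf is still caught, and a .lnk whose bytes are not a shell link is reported separately so a human can look at it. Mail gateways and sandboxes can apply the same two checks before a user ever sees the "PDF".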

– James Coker | September 4, 2020