Threat Awareness – EvilExtractor: Potentially Legitimate Tool Leveraged for Malicious Intent

Fortinet has written a blog discussing the use of the EvilExtractor tool in a March 2023 phishing campaign targeting networks in America and Europe. EvilExtractor is claimed to be a legitimate education tool, but researchers discovered it being advertised on criminal markets as an information stealer. EvilExtractor is modular, giving it many capabilities, including the ability to steal and upload data, wipe logs, and install ransomware. It is noted to masquerade as a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities. The post details the initial attack method utilized to deliver EvilExtractor and IOCs, which members are encouraged to integrate into their network defense solutions. Read more at Fortinet.