An APT group called Evilnum has reportedly adopted a new Python remote access Trojan (RAT). The new RAT was designed to target financial tech organizations through the creation of highly specific and sophisticating spear phishing attacks. Over the past few weeks, researchers have detected noticeable shifts in Evilnum’s tools, techniques, and operations, including the new RAT development.
The new RAT uncovered by cybersecurity researchers has been named PyVil, which is accompanied by changes in Evilnum’s behavior including its persistence, infection chains, infrastructure, and detection mitigation efforts. Evilnum typically targets specific fintech companies rather than utilizing broad phishing campaigns to reach more potential victims.
Read More: Evilnum APT Group Employs New Python RAT
