The Evilnum APT, which specializes in targeting FinTech companies, has debuted its latest tool: a Python-based remote access Trojan (RAT) dubbed PyVil. The malware's emergence coincides with a change in the group's infection chain and an expansion of its infrastructure.
According to researchers at Cybereason, the PyVil RAT allows the attackers to exfiltrate data, take screenshots and perform keylogging, and it can also deploy secondary credential-harvesting tools such as LaZagne.
The latest series of campaigns observed by Cybereason using the PyVil RAT is widespread yet targeted, aimed at FinTech firms across the U.K. and E.U. The attack vector is spear-phishing emails that use Know Your Customer (KYC) regulatory requirements as a lure.