Researchers have noticed a rise in attacks that use the EvilExtractor tool for data theft, primarily through phishing campaigns in the United States and Europe. The malware, which Kodex sells for $59 per month, offers several attack modules, including ransomware and credential extraction. EvilExtractor is activated when the victim opens an executable attachment in a phishing email that is disguised as a legitimate file.
EvilExtractor’s various modules extract sensitive data from users, including cookies, browsing history, saved passwords, keyboard inputs, and webcam footage. If the Kodex ransomware module is triggered, it encrypts the victim’s files in a password-protected archive. Fortinet warns that EvilExtractor is continuously being updated and is gaining traction in the cybercrime community. Users are advised to be vigilant against unsolicited emails.