Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.
A new remote access trojan (RAT) is aiming at financial technology companies in the UK and European Union to capture sensitive information through keylogging and screen captures. Described in a Thursday blog post from cybersecurity firm Cybereason, the RAT named PyVil comes courtesy of the Evilnum APT (Advanced Persistent Threat) group. But this one has a few new tricks up its sleeve compared with previous trojans deployed by the group.
SEE: Security Awareness and Training policy (TechRepublic Premium)
In its blog post, “No Rest for the Wicked: Evilnum Unleashes PyVil RAT,” Cybereason points to Evilnum as an operation whose malware attacks and phishing campaigns are highly targeted. The group typically sets its sights on financial technology (FinTech) companies, and mostly those located in the UK and EU.