Eset: Evilnum malware steals payment data of companies and their customers

Eset, an international information security expert, has discovered the Evilnum spyware program targeting fintech companies and their customers.


Evilnum steals confidential data: customer credit card information and identity documents; spreadsheets and documents with customer lists, investment and trading details; internal presentations; software licenses and credentials for trading software/trading platforms; email credentials. Criminals can also access information related to the IT infrastructure, for example, VPN configurations.

The attack proceeds in stages. The user receives an e-mail with a link to Google Drive, from which he/she can download a ZIP file. The archive contains several LNK files that extract and launch a malicious JavaScript component while a decoy document is displayed. The decoy documents, in turn, are disguised as harmless ones.

Documents used as decoys are usually photos of credit cards, identity documents or invoices with addresses because many financial institutions require some of these documents from their customers.

The JavaScript component can deploy other malicious programs.
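A mail or download gateway can catch the delivery stage described above by checking ZIP archives for Windows shortcut files before they reach the user. The following is an added example, not code from Eset or from the original article; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK file format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_shortcuts(zip_bytes):
    """Return (name, size, reason) for every shortcut-like member of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            try:
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            except RuntimeError:  # password-protected member, header unreadable
                head = b""
            by_name = info.filename.lower().endswith(".lnk")
            by_magic = head == LNK_MAGIC
            if by_name and by_magic:
                reason = "shortcut"
            elif by_magic:
                reason = "shortcut header under another extension"
            elif by_name:
                reason = ".lnk name, header missing or unreadable"
            else:
                continue
            findings.append((info.filename, info.file_size, reason))
    return findings


def build_sample_zip():
    """Constructed sample: header-only stand-ins, not working shortcuts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("scan1.lnk", LNK_MAGIC + b"\x00" * 56)
        archive.writestr("scan2.pdf", LNK_MAGIC + b"\x00" * 56)
        archive.writestr("readme.txt", b"constructed benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, size, reason in find_shortcuts(build_sample_zip()):
        print(f"{name}\t{size} bytes\t{reason}")
```

Matching on the header as well as the extension keeps the check working when a member has been renamed, and the reported size helps triage, since a plain shortcut is normally only a few kilobytes.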

