Evilnum's PyVil RAT Hits European Banking Sector
September 4, 2020
unveiled new research from its Nocturnus Research team, titled No Rest
for the Wicked: EvilNum Unleashes PyVil RAT. The research details a new
targeted and widespread threat against UK and European Union financial
technology companies by the EvilNum APT Group. Cybereason researchers
also discovered PvVil, a new Python-scripted Remote Access Trojan (RAT),
being deployed to steal passwords, documents, browser cookies and email
The new Python-scripted RAT dubbed PyVil RAT was compiled with py2exe, which has the capability to download new modules to expand functionality.
“The EvilNum group is continuing the time-tested infection method of using phishing emails to infect enterprises. Enterprises need to constantly evolve their security stack to enable easier discovery and remediation of threats. The employees of enterprises shouldn't open email attachments from unknown sources and should avoid downloading information from dubious websites,” said Tom Fakterman, Threat Researcher, Cybereason.