EvilExtractor All-in-One Stealer Campaign Targets Windows User Data

An uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.

A phishing campaign that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice.
Research this week from FortiGuard Labs details the EvilExtractor attack chain, explaining that it usually starts with a legitimate-seeming Adobe PDF or Dropbox link, which instead deploy a malicious
PowerShell
when opened or clicked, before eventually leading to the modular EvilExtractor malware.
Its primary purpose seems to be to steal browser data and information from compromised endpoints, and then upload it to the attacker’s FTP server, FortiGuard Labs researchers wrote.
The report points out that EvilExtractor was first developed by Kodex, which claimed that, despite its obvious name, its used as an educational tool, according to the
EvilExtractor
report. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info-stealer.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
EvilExtractor All-in-One Stealer Campaign Targets Windows User Data