{"id":801,"date":"2020-09-26T19:38:05","date_gmt":"2020-09-27T00:38:05","guid":{"rendered":"https:\/\/truxgoservers.com\/blog\/?p=801"},"modified":"2020-09-28T20:43:46","modified_gmt":"2020-09-29T01:43:46","slug":"pyvil-rat-new-trojan-from-the-evilnum-group","status":"publish","type":"post","link":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/","title":{"rendered":"PyVil RAT &#8211; New Trojan from the Evilnum group"},"content":{"rendered":"\n<p>A new RAT malware has been detected (PyVil RAT), the latest tool from the Evilnum group of cybercriminals. The investigation has been carried out by the Nocturnus group of the security company Cybereason, which has been investigating and closely following the Evilnum group of cybercriminals since its creation.<\/p>\n\n\n\n<p>This investigation has discovered the PyRAT malware, a malware created to try to evade antivirus detection. To that end, its creators have developed the malware (or part of it) in the Python programming language, a language rarely seen in the world of malware, since these cybercriminals generally use languages such as C# and JavaScript; hence its name PyRAT, Python RAT.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><em>How PyVil RAT spreads<\/em><\/strong><\/h2>\n\n\n\n<p>The group has continued to rely on spear phishing as its means of distribution: a scam carried out through e-mail whose content embeds a document, generally a malicious PDF, together with bait text for the victim to click, which makes the system infection possible.<\/p>\n\n\n\n<p>In addition to collecting all kinds of data, as almost all malware does, the infection also includes a keylogger and a screen capture option, and even uses a tool (LaZagne) to obtain the credentials saved in browsers. 
The evolution of this RAT (Remote Access Trojan) family seems to be oriented towards fintech, financial engineering.<\/p>\n\n\n\n<p>The actions that PyVil RAT can take are focused on gathering information. For this purpose, it installs a keylogger, complemented by a screen capture function and the ability to collect information about the infected system, including the version of Windows that is running, which antivirus products are installed and whether USB devices are connected. Given that, as we have already mentioned, the campaign has been directed at companies in the financial sector, it is easy to imagine how sensitive the information this Trojan can capture is; once exfiltrated to the server, that information remains at the disposal of Evilnum.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new RAT malware has been detected (PyVil RAT), the latest tool from the Evilnum group of cybercriminals. The investigation has been carried out by the Nocturnus group of the security company Cybereason, which has been investigating and closely following the Evilnum group of cybercriminals since its creation. 
This investigation has discovered the PyRAT malware, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":803,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[36,35,106],"class_list":["post-801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-trojan"],
"yoast_head_json":{"title":"PyVil RAT - New Trojan from the Evilnum group - Truxgo Server Blog","description":"PyVil RAT a new Trojan created by the cybercriminal group called Evilnum, what is this Trojan about and why companies should be careful...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/","og_locale":"es_MX","og_type":"article","og_title":"PyVil RAT - New Trojan from the Evilnum group - Truxgo Server Blog","og_description":"PyVil RAT a new Trojan created by the cybercriminal group called Evilnum, what is this Trojan about and why companies should be careful...","og_url":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/","og_site_name":"Truxgo Server Blog","article_published_time":"2020-09-27T00:38:05+00:00","article_modified_time":"2020-09-29T01:43:46+00:00","og_image":[{"width":595,"height":374,"url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/09\/Hacker.jpg","type":"image\/jpeg"}],"author":"Truxgo","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Truxgo","Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#article","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/"},"author":{"name":"Truxgo","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e"},"headline":"PyVil RAT &#8211; New Trojan from the Evilnum 
group","datePublished":"2020-09-27T00:38:05+00:00","dateModified":"2020-09-29T01:43:46+00:00","mainEntityOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/"},"wordCount":323,"commentCount":2,"publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/09\/Hacker.jpg","keywords":["Cybersecurity","Malware","Trojan"],"articleSection":["Cybersecurity"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/","url":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/","name":"PyVil RAT - New Trojan from the Evilnum group - Truxgo Server Blog","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#primaryimage"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/09\/Hacker.jpg","datePublished":"2020-09-27T00:38:05+00:00","dateModified":"2020-09-29T01:43:46+00:00","description":"PyVil RAT a new Trojan created by the cybercriminal group called Evilnum, what is this Trojan about and why companies should be 
careful...","breadcrumb":{"@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#primaryimage","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/09\/Hacker.jpg","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/09\/Hacker.jpg","width":595,"height":374},{"@type":"BreadcrumbList","@id":"https:\/\/truxgoservers.com\/blog\/pyvil-rat-new-trojan-from-the-evilnum-group\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/truxgoservers.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PyVil RAT &#8211; New Trojan from the Evilnum group"}]},{"@type":"WebSite","@id":"https:\/\/truxgoservers.com\/blog\/#website","url":"https:\/\/truxgoservers.com\/blog\/","name":"Truxgo Server Blog","description":"Cloud Server and Hosting Tutorials.","publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/truxgoservers.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/truxgoservers.com\/blog\/#organization","name":"Truxgo Server 
Blog","url":"https:\/\/truxgoservers.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","width":1250,"height":278,"caption":"Truxgo Server Blog"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e","name":"Truxgo","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","caption":"Truxgo"},"sameAs":["https:\/\/truxgoservers.com\/blog"],"url":"https:\/\/truxgoservers.com\/blog\/author\/truxgo\/"}]}},"_links":{"self":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/comments?post=801"}],"version-history":[{"count":3,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/801\/revisions"}],"predecessor-version":[{"id":813,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/801\/revisions\/813"}],"wp:featuredmedia":[{"embeddable":true,"hr
ef":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media\/803"}],"wp:attachment":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media?parent=801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/categories?post=801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/tags?post=801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}