
Cybersecurity Threat Advisory: EvilExtractor malware surge detected
Note: This post details malware known as an infostealer. For more information about infostealers, see our blog on credential harvesting, phishing, and malware. This Cybersecurity Threat Advisory was originally published at SmarterMSP.com.
EvilExtractor malware activity has spiked in Europe and the US. EvilExtractor is distributed through phishing campaigns and can harvest various types of data, including browser history, passwords, and cryptocurrency wallets. This is a concern because the malware can evade detection by most antivirus software. Barracuda SOC recommends implementing security measures to prevent EvilExtractor malware activity.
What is the threat?
EvilExtractor is an all-in-one stealer malware that is primarily distributed through phishing campaigns. Once a victim opens a malicious file, the malware starts its operation and can extract sensitive information from the infected system, including browser history, cookies, passwords, and cryptocurrency wallets. The malware is equipped with a keylogger that can capture keystrokes and log user activities. It can also take screenshots, capture webcam footage, and steal files. EvilExtractor can evade detection by most antivirus software due to its sophisticated encryption and obfuscation techniques.
Why is it noteworthy?
EvilExtractor is particularly concerning because it can evade detection by most antivirus software. This makes it especially dangerous for organizations with sensitive data, such as financial institutions and healthcare providers. The spike in activity in Europe and the US suggests that the threat actors behind this malware are actively targeting these regions.
What is the exposure or risk?
The exposure or risk of EvilExtractor is significant, as the malware can harvest a variety of sensitive information that can be used for financial gain or other malicious purposes. Organizations that fail to implement adequate security measures are at risk of falling victim to this malware, which could result in financial losses, reputation damage, and legal liabilities.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an EvilExtractor malware attack:
- Utilize a robust endpoint-protection solution – such as SentinelOne
- Educate employees via security awareness training
- Implement multi-factor authentication
- Monitor network activity for anomalies
- Keep software and systems up to date with the latest security patches
- Implement strong password policies
- Limit the amount of sensitive data stored on individual systems