Micro Trend published an analysis of a new malware called, Evelyn Stealer. This malware is a information stealer, meaning it gathers data which includes cryptocurrency wallets and other pertinent information to a infected machine.
And this malware targets software developers weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem.
- Analysis of the Evelyn Stealer campaign targeting software developers shows that threat actors are weaponizing the Visual Studio Code (VSC) extension ecosystem to deploy a multistage, information-stealing malware.
-The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer environments can also be abused as access points into broader organizational systems.
- This activity affects organizations with software development teams that rely on VSC and third-party extensions as well as those with access to production systems, cloud resources, or digital assets.
And so it's a sophisticated attack by the cyber criminals and once you downloaded the malware, it will install a malicious VSC extension and then it executes the payload. And once in execute it will resolves all Windows API needed for the malware to work.
Here is the target crypto wallets:
So if you're a software developer and you are involved in crypto, this is just a warning.
https://www.trendmicro.com/en_us/research/26/a/analysis-of-the-evelyn-stealer-campaign.html
