New Malware EvilExtractor Is Targeting Windows Users

by | May 2, 2023

A new malware threat, EvilExtractor, has rapidly increased in usage since March of 2023, leaving businesses more vulnerable. Initially released in October last year, it targets Windows users and can steal sensitive data without being easily detected. It does not impact any computers and devices that don’t have Windows. For now, it’s mainly targeting users in the United States and Europe, though any region may be at risk. It’s mostly distributed through phishing campaigns, where bulk emails are sent to targeted companies.

What Is EvilExtractor?

EvilExtractor is a type of attack software that targets Windows-based operating systems. It can be disguised as an ordinary file, such as a .pdf, .exe, or .txt. From there, it can be attached to an email or uploaded to file-sharing services like Dropbox or Google Drive. As soon as the infected file is opened, it’s able to activate on the computer. Depending on how it’s configured, it can take screenshots, manage files, create fake errors, and steal data, which is then sent online to the attacker.

As a newer type of malware, EvilExtractor is less easily discovered by security systems and malware detectors. IT companies may be able to detect some of its suspicious activities, but it’s designed to hide within normal computer usage and online web traffic. Furthermore, it can cover its activity by adding itself to the exclusion list on Windows Defender and won’t activate in some virtual testing software. That can make it especially hard to uncover.

Why Should You Be Concerned About Malware?

Malware attacks are dangerous because they can quietly run in the background. In some situations, it may gather vital information for weeks, months, or even years if not handled correctly. Anything from financial data to medical records may be stolen in that time, which can later be sold off or used to harm anyone involved. In the case of ransomware, it won’t steal the data. Instead, it encrypts everything and pressures businesses to pay a fee to unlock it or risk having it deleted.

How Can Users Avoid Malware Like EvilExtractor?

One of the simplest ways to avoid malware, including EvilExtractor, is to be careful what you click on. It can’t be activated without someone opening it, so it’s important to validate the identity of who’s sending you files. Email security solutions, like SpamTitan, can also provide an additional layer of defense. If a malicious email is prevented from reaching the inbox in the first place, then people can’t mistakenly open a risky file.

When in Doubt, Call Your IT Provider

If you’re ever in doubt about the safety of a file or a new email contact, you should always reach out to your IT provider. Don’t hesitate; they never view security concerns as a waste of time or a silly question. With human error being a major factor in 95% of cyberattacks, there would be fewer successful attacks if more people asked about suspicious files and emails. Even if you’ve already opened an infected file, letting your IT provider know will allow them to react to the threat and minimize the damage.


Threats can come in many shapes and sizes, making cybersecurity awareness critical to keeping every user and business safe. EvilExtractor is one of many new malware threats being monitored by ITonDemand in 2023. However, like many digital threats, it can only cause problems if the user opens the infected file. To reduce most of the risk, use your email wisely and be careful when opening anything you download, especially if it’s from someone you don’t know.

Does your business need help with cybersecurity, threat detection, or email protection? Get in touch for a consultation via our contact form or call us at: +1 (800) 297-8293

Get IT Support