
A new malware called EvilExtractor, which allows threat actors to steal data from Windows systems, is being sold online. EvilExtractor includes several modules that work through an FTP service to steal information such as passwords, cookies, and system metadata from browsers, as well as to record keystrokes and encrypt files on the target system. The malware has been sold by an actor named Kodex since October 2022 and is continually updated with new features. EvilExtractor was first observed in the wild in March 2023 in phishing email campaigns, with most of the victims located in Europe and the U.S.