LTS Secure Warning: New Python-Based RAT PyVil Targets FinTech Firms

The Evilnum group, which specializes in targeting Fintech firms, have developed new Python-Based RAT, dubbed as PyVil.


Technical Details

Threat actors have utilized spear-phishing as their attack vector for their attack campaign against Fintech firms, using Know Your Customer regulations (KYC) as a lure.

The Python-RAT “PyVil” is complied with py2exe, converting the python script into a windows executable. This enables the RAT to download additional payload, thus expanding its functionality. The python code has also been obfuscated with additional layers to ensure that researches are not able to decompile it with their exiting tools.



  • Log user’s keystrokes.
  • Take screenshots of desktop.
  • Command Execution.
  • Get hardware & software information.
  • Upload & executing payloads on the infected machines.
  • Exfiltration of sensitive data.


Recommended Actions

  • Never download any suspicious attachments or click on any shady-looking link.
  • Take an effort to educate your users on how to identify a mal-spam.
  • Always update your anti-virus software with the latest releases.
  • Periodically run “full system scan” on your endpoints.
  • Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.
  • Isolate all of the compromised computers ASAP to prevent threats from spreading further inside your infrastructure.