Evilnum threat actor was first spotted in 2018 while using homonym malware. Group aimed at harvesting financial information from financial technology companies. Most of the targets are located in EU and in the UK, but experts also observed attacks against companies in Australia and Canada. Experts observed several variants of the script since May 2018, having different server-side code for the C&C and supporting different commands. The most recent variant can take screenshots, run commands and files, send information to the server, and achieve persistence.”]
Source: https://securityaffairs.co/wordpress/105784/cyber-crime/evilnum-group.html