Researchers from Intezer named the implant EvilGnome which is completely undetected by all the major security software from leading vendors. The implant possibly distributed by Gamaredon Group, a Russian based threat group that has been active since at least 2013. The malware impersonates the Gnome extension so that researchers from intezer name the implant Evilsnome The implant uses a different form of malicious attachments, delivered via spear-phishing techniques and employed the information-stealing tools.”]

