Google: Chrome user accounts are under threat from Emotet malware

Published June 10, 2022
Author: Ash Khan

Emotet has released a new version aimed at Chrome users.

A new module in the Emotet botnet grabs credit card information contained in Google Chrome user accounts.

Proofpoint cybersecurity researchers discovered Emotet dropping the new module on June 6. It attempts to steal cardholder names, expiration dates, and card numbers from Chrome user accounts. One notable detail is that the stealer exfiltrates the data to a different command-and-control (C2) server from the one used by the module loader.

Emotet has changed a lot. A year ago, German law enforcement used the botnet's own infrastructure to push a module that removed Emotet from infected machines, effectively taking it off the internet.

Emotet has returned!

It reappeared about half a year later, in November 2021, when several cybersecurity researchers observed Trickbot attempting to download a DLL identified as Emotet onto infected systems.

A little more than a month ago, Emotet's operators were seen shifting away from Microsoft Office macros toward Windows shortcut files.

So what is Emotet? The malware was first observed in the wild in 2014. Emotet is a Trojan distributed mainly through spam email (malspam); it can arrive as a malicious script, a macro-enabled document, or a malicious link. Its emails often imitate recognized brands' designs to appear legitimate, and they push recipients to open the malicious attachment with enticing wording such as "Your Invoice," "Payment Details," or a scheduled delivery from a well-known shipping company.
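The delivery indicators above (macro-enabled documents, Windows shortcut files, and invoice/payment/delivery lure subjects) can be turned into a simple mail-gateway triage check. The following Python script is an added example written for this page, not code from the article or from Proofpoint or ESET. The lure-phrase list and the "document extension hiding a .lnk" heuristic are assumptions a defender would tune; the file-header constants (the .lnk header and LinkCLSID, the OLE compound-file magic, and vbaProject.bin inside an OOXML zip) are documented format facts. The sample message is constructed.

```python
import io
import zipfile

# Subject-line lures quoted in the article ("Your Invoice", "Payment Details",
# a scheduled delivery); the exact list is an assumption and would be tuned in practice.
LURE_PHRASES = ("your invoice", "payment details", "scheduled delivery")

# A Windows shortcut (.lnk) starts with a fixed header: HeaderSize 0x4C as a
# little-endian DWORD, then the LinkCLSID 00021401-0000-0000-C000-000000000046
# in GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")

# Legacy binary Office documents (.doc/.xls) are OLE compound files.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Extensions an attacker pairs with .lnk so that "invoice.pdf.lnk" looks like a PDF
# once Windows hides the trailing .lnk (heuristic; assumption).
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}


def is_lnk(data: bytes) -> bool:
    """True if the bytes carry the Windows shortcut file header."""
    return data.startswith(LNK_MAGIC)


def has_ooxml_macro(data: bytes) -> bool:
    """True if an OOXML (zip-based) Office file embeds a VBA project."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def has_double_extension(name: str) -> bool:
    """True for names like 'label.pdf.lnk' where a document extension precedes the real one."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-2] in DOCUMENT_EXTENSIONS


def triage_message(subject: str, attachments: dict) -> list:
    """Return human-readable findings for one message; an empty list means nothing was flagged."""
    findings = []
    lowered = subject.lower()
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            findings.append(f"subject uses lure phrase {phrase!r}")
    for name, data in attachments.items():
        if is_lnk(data):
            findings.append(f"{name}: Windows shortcut (.lnk) attachment")
            if has_double_extension(name):
                findings.append(f"{name}: document extension hides the .lnk extension")
        elif has_ooxml_macro(data):
            findings.append(f"{name}: macro-enabled Office document (vbaProject.bin present)")
        elif data.startswith(OLE_MAGIC):
            findings.append(f"{name}: legacy binary Office file; macros not inspected here")
    return findings


def _build_macro_document() -> bytes:
    """Constructed minimal OOXML container with a VBA project, standing in for a real .docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample message for demonstration; not a real Emotet lure.
SAMPLE_SUBJECT = "Your Invoice #4471 - Payment Details"
SAMPLE_ATTACHMENTS = {
    "Invoice.docm": _build_macro_document(),
    "Shipping_label.pdf.lnk": LNK_MAGIC + b"\x00" * 60,
    "notes.txt": b"plain text attachment, nothing to flag",
}

if __name__ == "__main__":
    for line in triage_message(SAMPLE_SUBJECT, SAMPLE_ATTACHMENTS):
        print(line)
```

The checks key on file content rather than the declared extension, because a renamed attachment keeps its header bytes; legacy OLE files are only flagged for manual review here since parsing their VBA streams needs a dedicated library.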

Initially, Emotet was employed as a banking trojan, but it has since developed into a botnet. Some researchers believe it was created by the threat actor Mummy Spider (AKA TA542) to serve as a dropper for second-stage malware. It has been seen dropping Qbot and Trickbot, which in turn distributed Cobalt Strike beacons and numerous ransomware strains such as Ryuk and Conti.

It can now collect sensitive and personally identifiable information, access traffic on vulnerable networks, and move laterally.

According to ESET cybersecurity analysts, Emotet activity has surged this year, rising more than 100-fold over last year.

If you suspect your system is infected with Emotet, don't panic. If the computer is connected to a network, disconnect it immediately. Once the affected machine is isolated, clean and repair it. But you're not finished yet: because Emotet spreads across the network, a cleaned computer can be reinfected as soon as it reconnects to a network that still contains infected hosts. Clean every computer on the network individually. Better safe than sorry!
