Emotet variant now steals credit card data from Google Chrome

The Emotet botnet used by criminals to distribute malware around the world has begun attempting to steal credit card information from unsuspecting Google Chrome users.


According to security researchers, the malware targets Google Chrome and then sends the exfiltrated information to command-and-control servers. The resurgence of the Emotet botnet comes over a year after Europol and international law enforcement agencies shut down the botnet's infrastructure in January 2021 and used the botnet itself to deliver software that removed the malware from infected computers.

Emotet, attributed to a threat actor known as TA542 (aka Mummy Spider or Gold Crestwood), is an advanced, self-propagating and modular trojan that’s delivered via email campaigns and is used as a distributor for other payloads such as ransomware.

As of April 2022, Emotet is said to still be the most prevalent malware, with a global impact on 6% of organizations worldwide, followed by Formbook and Agent Tesla, according to Check Point. The malware is testing new delivery methods, using OneDrive URLs and PowerShell in .LNK attachments to get around Microsoft's macro restrictions.


Cybersecurity firm Deep Instinct states that new variants of the Emotet botnet emerged in the fourth quarter of 2021, with massive phishing campaigns against Japanese businesses in February and March 2022, expanding to new regions in April and May. The Emotet botnet was also allegedly helped by another notorious group, the one behind the Trickbot malware.

According to Deep Instinct, Emotet detections increased more than 2,700 percent in Q1 2022 compared to Q4 2021. Forty-five percent of malware was using a Microsoft Office attachment. Meanwhile, Emotet has begun using Windows PowerShell scripts, and almost 20 percent of malware was taking advantage of a 2017 Microsoft Office security flaw.

ESET researchers, for their part, explained that Emotet botnet activity had grown nearly a hundred-fold compared to 2021, with the biggest campaign detected on March 16, targeting Japan, Italy and Mexico. Microsoft disabled macros in its Office software in April as a security measure, prompting the botnet to use malicious LNK files (Windows shortcuts) and to distribute malware via Discord.
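The LNK-plus-PowerShell delivery mentioned above (and in the Check Point paragraph) is something a mail gateway or triage script can check for before a user double-clicks the attachment. The following added example is not from the article or any vendor: it parses the Shell Link header and StringData fields as laid out in Microsoft's MS-SHLLINK specification (the IDList and LinkInfo blocks are skipped, not interpreted) and flags shortcuts whose target or arguments launch PowerShell, hide the window, or pass an encoded command. The sample .lnk it builds is constructed in-code; the "-enc AAAA" argument is a placeholder, not a real payload.

```python
import struct

# LinkFlags bits and header size from the MS-SHLLINK specification
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 1 << 0, 1 << 1, 1 << 2
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 1 << 3, 1 << 4, 1 << 5
HAS_ICON_LOCATION, IS_UNICODE = 1 << 6, 1 << 7
HEADER_SIZE = 0x4C
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link file, skipping the IDList and LinkInfo blocks."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]   # LinkFlags follows the 16-byte LinkCLSID
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:               # IDListSize (2 bytes) + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                         # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:                  # each: CountCharacters (2 bytes) + chars
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos + 2:pos + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += 2 + count * width
    return fields

def suspicious_indicators(fields: dict) -> list:
    """List why a shortcut looks like a PowerShell-launching lure; empty list means nothing matched."""
    blob = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    checks = {
        "launches powershell": "powershell" in blob or "pwsh" in blob,
        "hidden window": "-w hidden" in blob or "-windowstyle hidden" in blob,
        "encoded command": "-enc" in blob or " -e " in f" {blob} ",
        "bypasses execution policy": "-ep bypass" in blob or "-executionpolicy bypass" in blob,
    }
    return [reason for reason, hit in checks.items() if hit]

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed sample: minimal Unicode .lnk carrying only RelativePath and Arguments."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = bytes.fromhex("0114020000000000c000000000000046")  # LinkCLSID
    struct.pack_into("<I", header, 0x14, HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE)
    encode = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return bytes(header) + encode(relative_path) + encode(arguments)
```

Run `parse_lnk` over a file read in binary mode and pass the result to `suspicious_indicators`; a non-empty list is a reason to quarantine the attachment for analyst review rather than a verdict on its own.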

To lower the chances of being infected by the Emotet botnet, users must make sure their operating system and programs are always up to date, and take regular backups of important information, stored separately from the system. The malware primarily spreads through malicious email campaigns, so users should avoid opening links or downloading attachments from unknown senders.
