TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here’s why you can trust us
By Sead Fadilpašić published 9 June 22
Emotet has a new module that is targeting Chrome users
The Emotet botnet now has a brand new module that steals credit card information stored in Google Chrome user profiles.
Emotet was first spotted by cybersecurity researchers from Proofpoint dropping the new module on June 6. It tries to steal names, expiration dates, and card numbers stored in Chrome user profiles. An interesting detail is that the stealer exfiltrates the data to a command & control (C2) server that’s different from the module loader.
Emotet has had quite the ride. It was almost entirely wiped off the grid a year ago when German law enforcement used its own infrastructure to deliver a module that uninstalled the malware (opens in new tab) from all infected devices.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab) . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
It returned half a year later in November 2021, when several cybersecurity researchers spotted Trickbot trying to download a DLL, identified as Emotet, to the system.
A little over a month ago, Emotet’s operators were spotted moving away from Microsoft Office macros for distribution, and towards Windows shortcut files (.lnk).
The malware was first seen in the wild back in 2014. At the time, it was used as a banking trojan, but has since evolved into a botnet. Some researchers believe it was developed by a threat actor known as Mummy Spider (AKA TA542) to serve as a dropper for second-stage viruses. Among others, Emotet was spotted dropping Qbot, and Trickbot which, in turn, were spotted delivering Cobalt Strike beacons, and various ransomware (opens in new tab) strains, including Ryuk, or Conti.
> Emotet malware is back, and potentially nastier than ever (opens in new tab) > Hackers have found a sneaky new way to infect Windows devices (opens in new tab) > Emotet malware impersonates IRS as 2022 tax season approaches (opens in new tab)
Today, it is able to steal sensitive and personally identifiable data, spy on traffic moving through compromised networks, and move laterally.
Cybersecurity researchers from ESET recently said Emotet has had a significant increase in activity this year, "with its activity growing more than 100-fold vs T3 2021."
Via: BleepingComputer (opens in new tab)
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Thank you for signing up to TechRadar. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab) .
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.