The Emotet botnet has a brand new module that attempts to steal the credit card information stored in Google Chrome user profiles.

On June 6, the Proofpoint Threat Insight team observed a new Emotet module dropped by the E4 botnet.

The malware can exfiltrate unsuspecting users' data, including names, card numbers and expiration month/year.

“To our surprise, it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected, they were exfiltrated to different C2 servers than the module loader,” reported the Proofpoint Threat Insights team.

This change comes after increased activity during April and a switch to 64-bit modules.

The following week, Emotet started using Windows shortcut files (.LNK) to execute PowerShell commands to infect victims' devices, moving away from Microsoft Office macros, which have been disabled by default since early April 2022, BleepingComputer reports.

Emotet first appeared in 2014 as a banking trojan. It eventually became a botnet that the TA542 threat group, also known as Mummy Spider, uses to deliver second-stage payloads.

In early 2021, European agencies like Europol and Eurojust came together to take down Emotet’s infrastructure. This came as part of a joint effort between law enforcement agencies from the U.S., U.K., the Netherlands, France, Germany, Canada, Lithuania, and Ukraine. The investigators eventually managed to control Emotet’s servers, thus restricting the botnet’s functioning.

In November 2021, Emotet came back by tapping into TrickBot’s existing infrastructure.
