Beware!
The Emotet malware gang, the criminals behind the Emotet botnet, are now targeting Chrome-based credit card information. According to the BleepingComputer, Emotet is using a credit card stealer module to steal credit card information that are available in Google Chrome browser
The gang became famous for being a banking trojan. They then evolved into spamming and malware delivery.
Emotet Malware Gang is Back
The researchers with cybersecurity vendor Proofpoint's Threat Insight team stated that once the user's credit card data is exfiltrated, it will then be sent by the malware to command-and-control (C2) servers. This is not the same with the one the card stealer module uses.
The targeting of credit card data showcased Emotet's return. In January 2021, the Europol together with the law enforcement from countries such as the United States, the UK and Ukraine wiped out the Emotet's infrastructure. With this, the agencies hoped they had put a rest to the malware threat.
However, starting November 2021, there have been reports from the threat intelligence groups that there are indications that Emotet had returned. The gang is "attributed to the TA542 threat group, also known as Mummy Spider and Gold Crestwood," according to The Register.
"The notorious botnet Emotet is back, and we can expect that new tricks and evasion techniques will be implemented in the malware as the operation progresses, perhaps even returning to being a significant global threat," Ron Ben Yizhak, security researcher with cybersecurity vendor Deep Instinct, wrote in a blog post in November, as cited by The Register.
It didn't take long for Emotet to return to their criminal activities. In April 2022, Emotet was the top global malware threat, according to Cybersecurity firm Check Point. They had already affected six percent of the companies worldwide.
The group's resurgence was also spotted by security software vendor Kaspersky in April. Kaspersky observed "a significant spike in a malicious email campaign designed to spread the Emotet and Qbot malware." In fact, from 3,000 emails in the campaigned in February, it jumped to about 30,000 a month later.
"The campaign is likely connected to the increasing activity of the Emotet botnet," wrote a Kaspersky analysts in a blog post.
Read Also: SpaceX Tesla's Rocket Burst in Flames, Again
Who is Emotet?
Emotet started their operation in 2014 as a banking trojan. They steal sensitive and private information.
The gang developed into a self-propagating and modular trojan over the years. As a way into systems, they use phishing. They also offered services to other threat groups.
Emotet are often used to deliver Qbot and Trickbot malware trojan payloads of other gangs. It even include ransomware by other groups such as Ryuk and Conti, according to the BleepingComputer.
According to Charles Everette, directory of cybersecurity advocacy for Deep Impact, what makes Emotet unique is that it has kept its name.
Everette said that Emotet had already got their wing clipped but they managed to come back and become one of the prolific gang again. He added that Emotet managed to be successful in just a few months that they came back.
Emotet is re-establishing its name with new tricks under their sleeve, Everette added.
In November 2021, Emotet used TrickBot's existing infrastructure. The TrickBoth malware being used to push an Emotet loaded was detected by Emotet research group Cryptolaemus, computer security firm GData, and cybersecurity firm Advanced Intel, as reported by the BleepingComputer.
In February and March, Emotet attackers launched massive phishing campaigns that targeted Japanese businesses. This is just after they re-emerged last year.
Related Article: Emotet Botnet Takedown Successful: How to Check if Your Email Was Compromised by 'World's Most Dangerous Malware'
