Contents:
The infamous piece of malware known as Emotet has begun to distribute a new module that is intended to steal credit card information that is saved in the Chrome web browser.
The event takes place in the midst of a rise in Emotet activity, which has been seen since the group was revived around the end of last year. Prior to that, it had been dormant for ten months, after a law enforcement operation that disabled its attack infrastructure in January 2021.
Emotet is still the most popular malware with a global impact of 6 percent of organizations worldwide, followed by Formbook and Agent Tesla. The malware is testing out new delivery methods using OneDrive URLs and PowerShell in.LNK attachments in order to circumvent the macro restrictions imposed by Microsoft.
The fact that the number of phishing emails, which typically involve the hijacking of already existing correspondence, increased from approximately 3,000 in February 2022 to approximately 30,000 in March 2022 as part of a mass-scale spam campaign is further evidence that the steady growth of Emotet-related threats.
As explained by We Live Security, ESET said that the number of Emotet detections increased over 11,000 percent over the first four months of 2022 when compared to the prior three-month period that spanned September to December 2021. The company stated that Emotet activity “moved to a higher gear” in March and April 2022.
According to the cybersecurity business, Japan, Italy, and Mexico have been some of the most frequent targets ever since the botnet’s revival. The organization also highlighted that the strongest wave was recorded on March 16, 2022.
We can also confirm that Emotet – the infamous malware, spread primarily through spam emails – is back after last year’s takedown attempts, and has shot back up in our telemetry. Its operators spewed spam campaign after spam campaign, with Emotet detections growing by more than a hundredfold!
About Emotet
Emotet is a kind of malware that is classified as a banking Trojan and is a member of the strain of malware known as banking Trojans.
The sophisticated, self-propagating, and modular trojan is distributed through email campaigns and serves as a distributor for other payloads such as ransomware. It is believed that the threat actor known as TA542 (also known as Mummy Spider or Gold Crestwood) is responsible for its creation.
The malware is most often disseminated via a practice known as malspam, which refers to spam emails that themselves include malware (hence the term). Users are more likely to be convinced if the messages have recognizable branding and are structured in the same manner as emails from well-known and trustworthy firms like PayPal or DHL.
Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
