Emotet malware is back with a new module designed to steal credit card details stored in the Chrome browser specifically.
Emotet Is Back… Again
The discovery comes from Proofpoint researchers who observed the new module being dropped by the E4 botnet. “To our surprise it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader,” the researchers said in a tweet.
Emotet was resurrected last year, months after it was dismantled by law enforcement. Security researcher Luca Ebach reported signs of Emotet activity in the wild last November, indicating that TrickBot was being used to deploy a new variant of Emotet on systems previously compromised by TrickBot.
Emotet has been described as an “all-in-one malware” that threat actors can program either to download other malware and steal files, or to recruit the compromised systems into the botnet. Known since at least 2014, the malware has been used in various attacks against both private targets and company and government networks.
When Was Emotet “Killed”?
In August 2020, security researchers created an exploit and subsequently a killswitch (dubbed EmoCrash) to prevent the Emotet malware from spreading.
Before being stopped by law enforcement, Emotet was actively distributed in spam campaigns themed around the coronavirus pandemic. The campaign spread malicious files masquerading as documents with video instructions on how to protect against the coronavirus. Instead of learning anything useful, the potential victim would get a computer infection ranging from Trojans to worms, according to telemetry data provided by IBM X-Force and Kaspersky researchers.
We will continue to monitor Emotet’s activity and inform you on any new occurrences.