Emotet Botnet Found Infecting Google Chrome to Steal Credit Card Information: All Details

Shut down in early 2021, Emotet has remerged as one of the biggest malware threats in 2022.

Emotet Botnet Found Infecting Google Chrome to Steal Credit Card Information: All Details

Photo Credit: Pixabay

According to researchers, Emotet detections shot up 2,700 percent in Q1 2022 compared to Q4 2021

Highlights
  • Emotet was created as a banking trojan in 2014
  • The botnet was shut down by Europol and other agencies last year
  • Emotet is relying on novel methods to infect users in 2022
Advertisement

The Emotet botnet — used by criminals to distribute malware around the world — has begun attempting to steal credit card information from unsuspecting users, according to security researchers. The malware targets the popular Google Chrome browser, then sends the exfiltrated information to command-and-control servers. The resurgence of the Emotet botnet comes over a year after Europol and international law enforcement agencies shut down the botnet's infrastructure in January 2021, and used the botnet to deliver software to remove the malware from infected computers.

Cybersecurity platform Proofpoint spotted a new Emotet module bring dropped on June 6, in the form of a credit card stealer. The malware only targets Google Chrome — one of the most widely used browers across platforms. While the module was dropped from one server, the credit card information — including card numbers and expiration dates — collected from Chrome is then uploaded to a different command-and-control (C2) server, according to the researchers.

Emotet was initially created as banking trojan in 2014, but later evolved into the TA542 threat group — also known as Mummy Spider — which was used to deliver malware to steal data, spy on and attack other devices on the same network. It was used to drop other notorious malware onto victims computers. In 2020, Check Point Research had flagged the use of the botnet to infect Japanese users with a coronavirus-themed email campaign. In January 2021, a six-nation enforcement team shut down the prolific network and disabled the infrastructure.

However, cybersecurity platform Deep Instinct states that new variants of the Emotet botnet had emerged in the fourth quarter of 2021, with massive phishing campaigns against Japanese businesses in February and March 2022, expanding to new regions in April and May. The Emotet botnet was also allegedly helped by another notorious group that created the Trickbot malware.

According to Deep Instinct, Emotet detections increased more than 2,700 percent in Q1 2022 compared to Q4 2021. Forty-five percent of malware was using a Microsoft Office attachment. Meanwhile, Emotet has begun using Windows PowerShell scripts and almost 20 percent of malware were taking advantage of a 2017 Microsoft Office security flaw.

On the other hand, ESET researchers explained that the Emotet botnet activity had grown nearly a hundred-fold compared to 2021, with the biggest campaign detected on March 16, targeting Japan, Italy and Mexico. Microsoft disabled macros in its Office software in April as a security measure, prompting the botnet to use malicious LNK files (Windows shortcuts) and distributing malware via Discord.

In order to lower the chances of being infected by the Emotet botnet, users must make sure their operating system and programs are always up to date, take regular backups of important information stored separately. The malware primarily spreads through malicious email campaigns, so users should avoid opening or clicking on links and downloading attachments from unknown senders.


Missed Apple's WWDC 2022? We discuss every major announcement on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Mi Smart Band 7 Spotted on NCC Certification Website, India Launch Imminent: Report
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »