New Emotet Module Steals Bank Card Data from Chrome

New Emotet Module
Written by Emma Davis

Proofpoint experts discovered that the Emotet malware has a new module designed to steal bank card data stored in the Chrome browser.

According to Proofpoint, the new module appeared on June 6, 2022 and attacks Chrome exclusively, passing the collected information to the control servers (different from those that usually use the map stealing module and the downloader module).

Let me remind you that we wrote that Emotet compromised more than 4 million mailboxes.

It’s also worth noting that a week ago, Emotet began using Windows Shortcut (.LNK) files to execute PowerShell commands to infect victim systems, deprecating Microsoft Office macros, which have been disabled by default since early April 2022.

Let me remind you that in January last year, Europol, the FBI and law enforcement agencies in many countries of the world, including Canada, the Netherlands, France, Germany, Lithuania, the UK and Ukraine, conducted a large-scale coordinated operation to eliminate Emotet; preparation for the operation lasted two years. Then law enforcement officers managed to seize control over the botnet infrastructure, disrupting its operation. As a result, criminals lost the ability to use hacked machines, and the malware stopped spreading to new targets.

However, at the end of 2021, ten months after this operation, the researchers again discovered malware activity.

It turned out that another well-known botnet, TrickBot, helped Emotet operators get back on their feet by installing Emotet malware on systems already infected by TrickBot itself.the researchers wrote.

Since then, the malware has gradually gained momentum, and ESET recently reported that in March and April 2022, the number of Emotet detections increased by 100 times. Analysts recorded an increase of more than 11,000% during the first four months of the year (compared to the period from September to December 2021).

New Emotet Module

History of Emotet

Emotet appeared back in 2014, but only in recent years it has become one of the most active threats among malware.

The malware was distributed mainly through email spam, through malicious Word, Excel documents, and so on. Such emails could be disguised as invoices, waybills, account security warnings, invitations to a party, or as information about the spread of the coronavirus. In a word, hackers closely followed global trends and constantly improved bait emails.

Although Emotet once started out as a classic banking Trojan, the threat has since evolved into a powerful downloader with many modules, and its operators have begun to actively cooperate with other criminal groups.

Having penetrated the victim’s system, Emotet used the infected machine to send spam further, and also installed a variety of additional malware on the device. Often these were bankers such as TrickBot, miners, infostealers, as well as cryptographers like Ryuk, Conti, ProLock.

Europol called Emotet “the most dangerous malware in the world” and also “one of the most prominent botnets of the last decade.”

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.