1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google Chrome user profiles under attack from Emotet malware

    From TechnologyDaily@1337:1/100 to All on Thu Jun 9 20:30:04 2022
    Google Chrome user profiles under attack from Emotet malware

    Date:
    Thu, 09 Jun 2022 19:17:07 +0000

    Description:
    Emotet has a new module that steals credit card data from Chrome profiles.

    FULL STORY ======================================================================

    The Emotet botnet now has a brand new module that steals credit card information stored in Google Chrome user profiles.

    Emotet was first spotted by cybersecurity researchers from Proofpoint
    dropping the new module on June 6. It tries to steal names, expiration dates, and card numbers stored in Chrome user profiles. An interesting detail is
    that the stealer exfiltrates the data to a command & control (C2) server
    thats different from the module loader.

    Emotet has had quite the ride. It was almost entirely wiped off the grid a year ago when German law enforcement used its own infrastructure to deliver a module that uninstalled the malware from all infected devices.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Emotet is back

    It returned half a year later in November 2021, when several cybersecurity researchers spotted Trickbot trying to download a DLL, identified as Emotet, to the system.

    A little over a month ago, Emotets operators were spotted moving away from Microsoft Office macros for distribution, and towards Windows shortcut files (.lnk).

    The malware was first seen in the wild back in 2014. At the time, it was used as a banking trojan, but has since evolved into a botnet. Some researchers believe it was developed by a threat actor known as Mummy Spider (AKA TA542) to serve as a dropper for second-stage viruses. Among others, Emotet was spotted dropping Qbot, and Trickbot which, in turn, were spotted delivering Cobalt Strike beacons, and various ransomware strains, including Ryuk, or Conti. Read more

    Emotet malware is back, and potentially nastier than ever


    Hackers have found a sneaky new way to infect Windows devices


    Emotet malware impersonates IRS as 2022 tax season approaches

    Today, it is able to steal sensitive and personally identifiable data, spy on traffic moving through compromised networks, and move laterally.

    Cybersecurity researchers from ESET recently said Emotet has had a
    significant increase in activity this year, "with its activity growing more than 100-fold vs T3 2021." Stay safe from Emotet with the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-chrome-user-profiles-under-attack-from-e motet-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)