Security News

Emotet malware now steals credit cards from Google Chrome users
2022-06-08 16:20

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info, the malware will send it to command-and-control servers different than the ones the Emotet card stealer module.

Emotet is the most common malware
2022-05-17 04:00

The latest global HP Wolf Security Threat Insights Report - which provides analysis of real-world cybersecurity attacks - shows that Emotet has bolted up 36 places to become the most common malware family detected this quarter. Signs indicate HTML smuggling on the rise: The median file size of HTML threats grew from 3KB to 12KB, suggesting a rise in the use of HTML smuggling, a technique where cybercriminals embed malware directly into HTML files to bypass email gateways and evade detection, before gaining access and stealing critical financial information.

Historic Hotel Stay, Complementary Emotet Exposure included
2022-05-12 14:02

Abuse of trust relationships, even those as minute as the domain name for a hotel you may have stayed at two months ago, will yield better results for the actor attempting to convince an executive to interact with their email lure. The message appears to originate from a historic hotel, Hotel Warner, which opened in 1930. This hotel has been a member of "Historic Hotels of America" since 2016.

EmoCheck now detects new 64-bit versions of Emotet malware
2022-04-28 21:01

The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. Emotet is one of the most actively distributed malware families, spread through phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files.

Emotet is Back From ‘Spring Break’ With New Nasty Tricks
2022-04-27 19:53

Emotet malware attacks are back after a 10-month "spring break" - with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. The latest activity observed by researchers occurred while Emotet was on a "spring break." Efforts were low-key and likely an attempt to test new tactics without drawing attention.

Emotet malware launches new email campaign
2022-04-27 19:17

Although it had previously been foiled by a global law enforcement effort, it looks like Emotet malware has returned behind a new campaign. New findings from cybersecurity company Check Point show that Emotet has reemerged since November 2021 as the most prevalent form of malware through an aggressive email drive using Easter-themed phishing scams to distribute the botnet.

Emotet malware now installs via PowerShell in Windows shortcut files
2022-04-26 21:17

The Emotet botnet is now using Windows shortcut files containing PowerShell commands to infect victims' computers, moving away from Microsoft Office macros that are now disabled by default. Using LNK files is not new, as the Emotet gang previously used them in combination with Visual Basic Script code to build a command that downloads the payload. However, this is the first time that they utilized Windows shortcuts to directly execute PowerShell commands.

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default
2022-04-26 20:00

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, Proofpoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now "engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns."

Emotet malware infects users again after fixing broken installer
2022-04-25 20:28

The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments. Last Friday, the Emotet malware distributors launched a new email campaign that included password-protected ZIP file attachments containing Windows LNK files pretending to be Word documents.

Emotet reestablishes itself at the top of the malware world
2022-04-21 10:02

More than a year after essentially being shut down, the notorious Emotet malware operation is showing a strong resurgence. Now Kaspersky Labs says a rapidly accelerating and complex spam email campaign is enticing marks with fraudulent messages designed to trick one into unpacking and installing Emotet or Qbot malware that can steal information, collect data on a compromised corporate network, and move laterally through the network and install ransomware or other trojans on networked devices.