SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
Banking
EMOTET banking malware returns with a wider scope & vengeance
Tue, 12th Sep 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

The EMOTET banking malware has emerged with a wider target scope than ever before, three years after it was originally found.

The original malware primarily targeted the banking sector and monitored network activity in order to steal information. It was distributed through spam messages disguised as invoices and bank transfers.

Trend Micro researchers discovered the new Emotet variants in August. The variants were detected as TSPY_EMOTET.AUSJLA, TSPY_EMOTET.SMD3, TSPY_EMOTET.AUSJKW and TSPY_EMOTET.AUSJKV.

Researchers believe that the new variants have been created to target new geographic regions and new business sectors, although its functions as an information stealer remain the same.

Smart Protection Network data showed that the malware is targeting a number of industries, including healthcare and hospitality. Most of the malware is targeting the US, however the UK and ‘other' countries made up 12% of targets respectively.

Because the malware has been dormant for so long, researchers believe that the new wave of attacks are attempting to catch targets off guard, thus increasing affect effectiveness.

“For a malware with email-spamming and lateral-movement capabilities, infecting business systems and acquiring corporate e-mails translates to larger and more effective spam targeting and a higher chance of gaining information. For a malware with email-spamming and lateral-movement capabilities, infecting business systems and acquiring corporate e-mails translates to larger and more effective spam targeting and a higher chance of gaining information,” Trend Micro researchers say.

The new variants are also using botnets to deliver spam. Like the original Emotet, the variants mimic an invoice or payment notification in order to trick users into clicking a malicious URL. That URL downloads a document with a malicious macro, which is launched when clicked.

The macro runs PowerShell commands that distribute the malware into the system. It will establish itself as a system service and ensure it runs at startup every time, researchers say.

It can then make the infected system part of its botnet, deliver payloads such as Dridex, steal usernames and passwords and harvest email information.

 The Emotet malware can also spread through network propagation and compromised URLs for command - control purposes.

“The malware can also turn the infected system into part of a botnet that sends spam emails intended to spread the malware even further. This allows the trojan to spread quickly, as the more systems it can potentially infect, the faster it will propagate. The malware is also capable of harvesting email information and stealing username and password information found in installed browsers,” researchers conclude.

Multilayered security is recommended for protection against threats such as Emotet.

Related stories
Spirent partners with online payments platform to boost cyber defenses
Cisco launches Hypershield for AI-driven security upgrade
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Kaspersky illuminates LockBit ransomware group's advanced tactics
Top stories
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds