Story image

EMOTET banking malware returns with a wider scope & vengeance

12 Sep 2017

The EMOTET banking malware has emerged with a wider target scope than ever before, three years after it was originally found.

The original malware primarily targeted the banking sector and monitored network activity in order to steal information. It was distributed through spam messages disguised as invoices and bank transfers.

Trend Micro researchers discovered the new Emotet variants in August. The variants were detected as TSPY_EMOTET.AUSJLA, TSPY_EMOTET.SMD3, TSPY_EMOTET.AUSJKW and TSPY_EMOTET.AUSJKV.

Researchers believe that the new variants have been created to target new geographic regions and new business sectors, although its functions as an information stealer remain the same.

Smart Protection Network data showed that the malware is targeting a number of industries, including healthcare and hospitality. Most of the malware is targeting the US, however the UK and ‘other’ countries made up 12% of targets respectively.

Because the malware has been dormant for so long, researchers believe that the new wave of attacks are attempting to catch targets off guard, thus increasing affect effectiveness.

“For a malware with email-spamming and lateral-movement capabilities, infecting business systems and acquiring corporate e-mails translates to larger and more effective spam targeting and a higher chance of gaining information. For a malware with email-spamming and lateral-movement capabilities, infecting business systems and acquiring corporate e-mails translates to larger and more effective spam targeting and a higher chance of gaining information,” Trend Micro researchers say.

The new variants are also using botnets to deliver spam. Like the original Emotet, the variants mimic an invoice or payment notification in order to trick users into clicking a malicious URL. That URL downloads a document with a malicious macro, which is launched when clicked.

The macro runs PowerShell commands that distribute the malware into the system. It will establish itself as a system service and ensure it runs at startup every time, researchers say.

It can then make the infected system part of its botnet, deliver payloads such as Dridex, steal usernames and passwords and harvest email information.

 The Emotet malware can also spread through network propagation and compromised URLs for command & control purposes.

“The malware can also turn the infected system into part of a botnet that sends spam emails intended to spread the malware even further. This allows the trojan to spread quickly, as the more systems it can potentially infect, the faster it will propagate. The malware is also capable of harvesting email information and stealing username and password information found in installed browsers,” researchers conclude.

Multilayered security is recommended for protection against threats such as Emotet.

Australians unsure of who is responsible for the safety of their information
According to a recent survey conducted by SOTI, Australians are increasingly concerned about the security of their health records.
Europol makes 61 arrests & nets €6.2 million in dark web crackdown
60 experts from 19 countries, Europol, and Eurojust were involved in hunting for activities including the illegal sale and signs of counterfeit goods and money, drugs, cybercrime, document fraud, non-cash payment fraud, trafficking in human beings and trafficking in firearms and explosives. 
The silver lining in Australia’s Government cloud strategy
Cloud has been a huge part of the ‘digital transformation’ conversation within Australian government during recent years.
Milestone: How video and IoT are finding their place in enterprise
Milestone Systems South Pacific country manager Jordan Cullis talks about three trends that will revolutionise the way video is viewed in 2019 and beyond.
Largest DDoS-for-hire websites responsible for 11% of attacks worldwide – Nexusguard
The FBI’s shutdown of the world’s 15 largest DDoS-for-hire “booter” websites in December resulted in 85% decrease in average attack sizes, year-over year.
Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.