The Emotet malware gang, the criminals behind the Emotet botnet, is now targeting credit card information stored in Chrome. According to BleepingComputer, Emotet is using a credit card stealer module to steal credit card information that is available in the Google Chrome browser.
Emotet became famous as a banking trojan. It then evolved into spamming and malware delivery.
Emotet Malware Gang is Back
Researchers with cybersecurity vendor Proofpoint’s Threat Insight team stated that once the user’s credit card data is exfiltrated, the malware sends it to command-and-control (C2) servers. These are not the same servers that the card stealer module uses.
The targeting of credit card data showcases Emotet’s return. In January 2021, Europol, together with law enforcement from countries such as the United States, the UK and Ukraine, wiped out Emotet’s infrastructure. With this, the agencies hoped they had put an end to the malware threat.
However, starting in November 2021, threat intelligence groups reported indications that Emotet had returned. The gang is “attributed to the TA542 threat group, also known as Mummy Spider and Gold Crestwood,” according to The Register.
“The notorious botnet Emotet is back, and we can expect that new tricks and evasion techniques will be implemented in the malware as the operation progresses, perhaps even returning to being a significant global threat,” Ron Ben Yizhak, security researcher with cybersecurity vendor Deep Instinct, wrote in a blog post in November, as cited by The Register.
It didn’t take long for Emotet to return to its criminal activities. In April 2022, Emotet was the top global malware threat, according to cybersecurity firm Check Point. It had already affected six percent of companies worldwide.
The group’s resurgence was also spotted by security software vendor Kaspersky in April. Kaspersky observed “a significant spike in a malicious email campaign designed to spread the Emotet and Qbot malware.” In fact, from 3,000 emails in the campaign in February, it jumped to about 30,000 a month…