Tag Archive for: Emotet

Emotet rockets into pole posit


PALO ALTO, Calif., May 12, 2022 (GLOBE NEWSWIRE) — HP Inc. (NYSE: HPQ) today announced that the HP Wolf Security threat research team has identified a 27-fold increase in detections resulting from Emotet malicious spam campaigns in Q1 2022, compared to Q4 2021 – when Emotet first made its reappearance. The latest global HP Wolf Security Threat Insights Report – which provides analysis of real-world cybersecurity attacks – shows that Emotet has bolted up 36 places to become the most common malware family detected this quarter (representing 9% of all malware captured). One of these campaigns – which targeted Japanese organizations and used email thread hijacking to trick recipients into infecting their PCs – was largely responsible for an 879% increase in .XLSM (Microsoft Excel) malware samples captured compared to the previous quarter.

By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals. Notable examples include:

  • Stealthy alternatives to malicious Microsoft Office documents growing popular, as macros start being phased out: As Microsoft has begun disabling macros, HP has seen a rise in non-Office-based formats, including malicious Java Archive files (+476%) and JavaScript files (+42%) compared to last quarter. Such attacks are harder for organizations to defend against because detection rates for these file types are often low, increasing the chance of infection.
  • Signs indicate HTML smuggling on the rise: The median file size of HTML threats grew from 3KB to 12KB, suggesting a rise in the use of HTML smuggling, a technique where cybercriminals embed malware directly into HTML files to bypass email gateways and evade detection, before gaining access and stealing critical financial information. Recent campaigns were seen targeting Latin American and African banks.
  • “Two for One” malware campaign leads to multiple RAT infections: A Visual Basic script attack was found being used to kick start a kill chain resulting in multiple infections on the same device, giving attackers persistent access to victims’ systems with VW0rm, NjRAT and…


Emotet Malware Gang Targets Chrome-based Credit Card Data


Beware!

The Emotet malware gang, the criminals behind the Emotet botnet, are now targeting credit card information stored in Chrome. According to BleepingComputer, Emotet is using a credit card stealer module to steal credit card data saved in the Google Chrome browser.

Emotet first became known as a banking trojan and then evolved into a spamming and malware delivery operation.


Emotet Malware Gang is Back

Researchers with cybersecurity vendor Proofpoint’s Threat Insight team stated that once the user’s credit card data has been collected, the malware sends it to command-and-control (C2) servers that are different from the ones the card stealer module itself uses.

The targeting of credit card data showcases Emotet’s return. In January 2021, Europol, together with law enforcement from countries such as the United States, the UK and Ukraine, wiped out Emotet’s infrastructure. With this, the agencies hoped they had put the malware threat to rest.

However, starting in November 2021, threat intelligence groups have reported indications that Emotet had returned. The gang is “attributed to the TA542 threat group, also known as Mummy Spider and Gold Crestwood,” according to The Register.

“The notorious botnet Emotet is back, and we can expect that new tricks and evasion techniques will be implemented in the malware as the operation progresses, perhaps even returning to being a significant global threat,” Ron Ben Yizhak, security researcher with cybersecurity vendor Deep Instinct, wrote in a blog post in November, as cited by The Register.

It didn’t take long for Emotet to return to its criminal activities. In April 2022, Emotet was the top global malware threat, according to cybersecurity firm Check Point; it had already affected six percent of companies worldwide.

The group’s resurgence was also spotted by security software vendor Kaspersky in April. Kaspersky observed “a significant spike in a malicious email campaign designed to spread the Emotet and Qbot malware.” In fact, from 3,000 emails in the campaign in February, the volume jumped to about 30,000 a month…


Emotet becomes most common malware family in Q1 2022


Security Magazine





A Shake Up in the Index but Emotet is Still on Top


Check Point Software Technologies INC


Check Point Research reports that April saw a lot of activity, from Formbook to Lokibot. This month also saw Spring4Shell make headlines, but it is not yet one of the most exploited vulnerabilities.

SAN CARLOS, Calif., May 11, 2022 (GLOBE NEWSWIRE) — Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for April 2022. Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware, impacting 6% of organizations worldwide. Despite this, every other entry in the list has moved. Tofsee and Nanocore are out, replaced by Formbook and Lokibot, now the second and sixth most prevalent malware families respectively.

Emotet’s higher score in March (10%) was mainly due to specific Easter-themed scams, but this month’s decrease could also be explained by Microsoft’s decision to disable specific macros associated with Office files, affecting the way Emotet is usually delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails that contain a OneDrive URL. Emotet has many uses once it succeeds in bypassing a machine’s protections. Because of its sophisticated propagation and integration techniques, Emotet is also used to deliver other malware sold to cybercriminals on dark web forums, including banking trojans, ransomware and botnets. As a result, once Emotet has compromised a machine, the consequences vary depending on which malware is delivered afterwards.

Elsewhere in the index, Lokibot, an infostealer, has re-entered the list in sixth place after a high-impact spam campaign delivered the malware via xlsx files made to look like legitimate invoices. This, together with the rise of Formbook, has had a knock-on effect on the position of other malware families, with the advanced remote access trojan (RAT) AgentTesla, for example, dropping from second to third place.

At the end of March, critical vulnerabilities were found in Java Spring Framework, known as…
