Emotet Malware Now Steals Credit Cards from Google Chrome Users
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles.
After stealing the credit card information (i.e., name, expiration month and year, card numbers), the malware sends it to command-and-control (C2) servers different from the ones the Emotet card stealer module uses.
“On June 6th, Proofpoint observed a new #Emotet module being dropped by the E4 botnet,” the Proofpoint Threat Insights team revealed.
The Emotet malware was first deployed in attacks as a banking trojan in 2014. It has since evolved into a botnet that the TA542 threat group (aka Mummy Spider) uses to deliver second-stage payloads.
It also allows its operators to steal user data, perform reconnaissance on breached networks, and move laterally to vulnerable devices.
Emotet is known for dropping Qbot and Trickbot malware trojan payloads on victims’ compromised computers, which are used to deploy additional malware, including Cobalt Strike beacons and ransomware such as Ryuk and Conti.
At the beginning of 2021, Emotet’s infrastructure was taken down in an international law enforcement action that also led to the arrest of two individuals.
German law enforcement used Emotet’s own infrastructure against the botnet, delivering a module that uninstalled the malware from infected devices on April 25th, 2021.
The botnet came back in November 2021 using TrickBot’s already existing infrastructure when Emotet research group Cryptolaemus, computer security firm GData, and cybersecurity firm Advanced Intel all detected the TrickBot malware being used to push an Emotet loader.
As ESET revealed on Tuesday, Emotet has seen a massive increase in activity since the start of the year, “with its activity growing more than 100-fold vs T3 2021.”