The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
Emotet, which officially re-emerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that’s distributed via phishing emails.
Attributed to a cybercrime group tracked as TA542 (aka Gold Crestwood or Mummy Spider), the virus has evolved from a banking trojan to a malware distributor since its first appearance in 2014.
The malware-as-a-service (MaaS) offering is also modular: it can deploy an array of proprietary and freeware components that exfiltrate sensitive information from compromised machines and carry out other post-exploitation activities.
The two latest additions to Emotet's module arsenal are an SMB spreader, designed to facilitate lateral movement using a list of hard-coded usernames and passwords, and a credit card stealer that targets the Chrome web browser.
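An SMB spreader that works through a hard-coded credential list leaves a recognisable trail on the hosts it touches: a burst of failed network logons (Windows Security event 4625, logon type 3) from one source against several accounts and machines, sometimes followed by a successful network logon (event 4624) from that same source. The following detector is an added example written for this article, not code from the article or from any Emotet analysis; the log lines, their whitespace-separated layout and the `window_seconds` and `min_targets` thresholds are constructed assumptions, while the event IDs and logon type are the standard Windows values.

```python
"""Detect credential-list spraying over SMB in Windows Security log extracts.

Added example, not from the original article. Log format and thresholds are
assumptions; event 4625 (failed logon), 4624 (successful logon) and logon
type 3 (network logon, used by SMB) are standard Windows values.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines: timestamp event_id target_host account logon_type source_ip
SAMPLE_LOGS = """
2023-01-10T09:00:01 4625 WS-01 administrator 3 10.0.0.25
2023-01-10T09:00:02 4625 WS-01 admin 3 10.0.0.25
2023-01-10T09:00:02 4625 WS-01 backup 3 10.0.0.25
2023-01-10T09:00:03 4625 WS-02 administrator 3 10.0.0.25
2023-01-10T09:00:03 4625 WS-02 admin 3 10.0.0.25
2023-01-10T09:00:04 4624 WS-02 svc_backup 3 10.0.0.25
2023-01-10T09:00:05 4625 WS-03 administrator 3 10.0.0.25
2023-01-10T09:00:06 4625 WS-03 guest 3 10.0.0.25
2023-01-10T09:05:00 4625 WS-04 jsmith 3 10.0.0.40
2023-01-10T09:07:00 4625 WS-04 jsmith 3 10.0.0.40
2023-01-10T09:30:00 4625 WS-05 admin 2 10.0.0.60
""".strip()


@dataclass
class LogonEvent:
    ts: datetime
    event_id: int      # 4625 = failed logon, 4624 = successful logon
    host: str          # machine that recorded the event
    account: str       # account name that was tried
    logon_type: int    # 3 = network (SMB/RPC), 2 = interactive
    source_ip: str     # peer that attempted the logon


def parse_logs(text):
    """Parse the constructed whitespace-separated format into sorted events."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, eid, host, account, ltype, src = line.split()
        events.append(LogonEvent(datetime.fromisoformat(ts), int(eid),
                                 host, account.lower(), int(ltype), src))
    return sorted(events, key=lambda e: e.ts)


def detect_smb_spray(events, window_seconds=60, min_targets=4):
    """Return {source_ip: finding} for sources whose network-logon failures
    hit at least `min_targets` distinct (host, account) pairs inside any
    `window_seconds` window. A later successful network logon from the same
    source is reported too, since it suggests one credential on the list worked."""
    by_source = defaultdict(list)
    for e in events:
        if e.logon_type == 3:          # only network logons are relevant to SMB spreading
            by_source[e.source_ip].append(e)

    findings = {}
    window = timedelta(seconds=window_seconds)
    for src, evs in by_source.items():
        failures = [e for e in evs if e.event_id == 4625]
        best = set()                   # largest set of distinct targets seen in one window
        start = 0
        for end in range(len(failures)):
            while failures[end].ts - failures[start].ts > window:
                start += 1             # slide the window forward
            targets = {(e.host, e.account) for e in failures[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            first_fail = failures[0].ts
            successes = [(e.host, e.account) for e in evs
                         if e.event_id == 4624 and e.ts >= first_fail]
            findings[src] = {
                "distinct_targets": len(best),
                "hosts": sorted({h for h, _ in best}),
                "accounts": sorted({a for _, a in best}),
                "success_after_failures": successes,
            }
    return findings


if __name__ == "__main__":
    for src, finding in detect_smb_spray(parse_logs(SAMPLE_LOGS)).items():
        print(src, finding)
```

On the constructed sample, 10.0.0.25 is flagged (seven distinct host/account pairs in a few seconds, then a successful network logon to WS-02), while 10.0.0.40's repeated failures for a single user on a single host and 10.0.0.60's interactive logon are not. In practice the same grouping works over a SIEM export of 4625/4624 events; tune `min_targets` to the size of the environment and feed the source IP to a blocking or isolation workflow rather than acting on it by hand.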