
Trojan Emotet spotted in the wild again, with new techniques

The Emotet Trojan, long a thorn in the side of financial institutions, is back, this time with new techniques and a sharp increase in the number of attacks. Menlo Security researchers report that Emotet attacks have increased significantly since mid-January and that the malware is infecting more systems.

Emotet was discovered in 2014 and is known as one of the most destructive financial trojans in existence. The malware was developed by a group that calls itself Mealybug. It is a malware-as-a-service operation, offered as a platform to other cyber attackers. While Emotet usually delivers other malware, it nowadays also acts as a brute-force attacker. The malware can also send Business Email Compromise (BEC) messages through compromised accounts to open backdoors and steal financial data.

Most costly and destructive

In 2018 US-CERT released a security advisory describing Emotet as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, as well as the private and public sector. In addition, Trend Micro researchers warned in November that Emotet could protect itself better than ever against attempts to take the malware offline.

Menlo Security now says the malware is spreading in completely new ways and is also targeting new sectors. It now spreads through URLs hosted on the attackers' own infrastructure as well as through traditional email attachments. Recently, the number of attacks on sectors such as healthcare, insurance and finance has also risen sharply.

Twenty percent of the malware that Menlo analysed consisted of Word documents with macros. What is new is the remaining eighty percent: XML files disguised as Word documents. According to the Menlo researchers, the attackers use this to evade both detection and sandboxes, which researchers often use to analyse malware code.
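A defender's check for exactly this disguise, as an added example and not code from Menlo or the article: it compares the bytes a file actually starts with against what its extension claims, and for Word 2003 XML looks for the markers Word uses when macros are embedded (`w:macrosPresent="yes"` on the root, and a `w:binData` element named `editdata.mso`). The sample documents below are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # .docx/.docm (OOXML is a ZIP container)
EXPECTED = {"doc": "ole2", "docx": "ooxml", "docm": "ooxml", "xml": "xml"}


@dataclass
class Verdict:
    container: str    # "ole2", "ooxml", "xml" or "unknown", decided from the bytes
    mismatch: bool    # extension promises one container, bytes deliver another
    macro_hint: bool  # XML carries macro markers (Word 2003 XML embeds the VBA project as editdata.mso)


def classify(filename: str, data: bytes) -> Verdict:
    head = data[:64].lstrip(b"\xef\xbb\xbf \t\r\n")  # skip UTF-8 BOM and leading whitespace
    if data.startswith(OLE_MAGIC):
        container = "ole2"
    elif data.startswith(ZIP_MAGIC):
        container = "ooxml"
    elif head.startswith((b"<?xml", b"<?mso-application", b"<w:wordDocument")):
        container = "xml"
    else:
        container = "unknown"

    ext = filename.lower().rsplit(".", 1)[-1]
    expected = EXPECTED.get(ext)
    mismatch = expected is not None and container != expected

    macro_hint = False
    if container == "xml":
        text = data.decode("utf-8", errors="ignore")
        macro_hint = ('w:macrosPresent="yes"' in text
                      or re.search(r"<w:binData\b[^>]*editdata\.mso", text, re.I) is not None)
    return Verdict(container, mismatch, macro_hint)


def should_flag(filename: str, data: bytes) -> bool:
    """Flag a file whose extension lies about its container, or an XML 'document' carrying macros."""
    v = classify(filename, data)
    return v.mismatch or v.macro_hint


# Constructed samples: an XML file posing as a .doc with macro markers, and a genuine binary .doc header.
SAMPLE_XML_DOC = (
    b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    b'<?mso-application progid="Word.Document"?>\n'
    b'<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml" w:macrosPresent="yes">\n'
    b'<w:binData w:name="editdata.mso">UEsDBBQAAAAIAA==</w:binData>\n'
    b'<w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:wordDocument>\n'
)
SAMPLE_OLE_DOC = OLE_MAGIC + b"\x00" * 56
```

Running `should_flag("invoice.doc", SAMPLE_XML_DOC)` returns True for the disguised file while the genuine OLE2 document passes, which is the mismatch a mail gateway or sandbox intake can act on before any macro runs.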

The researchers expect Emotet to be one of the most widely used banking trojans in 2019, just as it was last year.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.