If you’re involved in information security in any capacity, you’re probably quite familiar with the infamous Emotet botnet. It’s one of the most dangerous and prolific botnets out there and it is a dire threat to organizations of all sizes.
The bad news is that the botnet is still being actively enhanced and is gaining new capabilities at regular intervals.
Most recently, its developers have added a new credit-card-stealing module designed to harvest saved payment card information stored in Google Chrome profiles.
Once it harvests information (name on the card, card number, security code, and expiration month and year), the malicious code will send that data to a command-and-control server controlled by the Emotet group.
The new capabilities were discovered by researchers at Proofpoint, and they reported being somewhat surprised that the new module was designed specifically to target Chrome users. No other browsers are impacted by it.
Emotet has a fascinating history. It first appeared on the internet in 2014 as a simple banking trojan.
A concerted law enforcement effort nearly destroyed the botnet, taking it offline when officers pulled the plug on most of its infrastructure.
Things were quiet for several months, but then in November 2021, Emotet returned like a malicious phoenix and has been causing trouble for IT professionals around the world ever since.
Controlled by the TA542 threat group, also known as Mummy Spider, it can be used to deliver any number of second-stage payloads, which makes it incredibly dangerous.
This is one malware you will have to stay on the alert for. There’s no telling what new features the threat group will add next, and you may find yourself in Mummy Spider’s crosshairs.