Search This Blog

Showing posts with label Emotet Trojan. Show all posts

Botnet Activity Goes Down; Revived Emotet Suffers Hindrances in Operations by A Vigilante Hacker


An anonymous vigilante hacker has been actively involved in obstructing 2019's most widespread cybercrime operation, Emotet that made a comeback recently. He has been sabotaging the malicious affairs and protecting users from getting affected by removing Emotet payloads and inserting animated GIFs at their places. Acting as an intruder, he replaced Emotet payloads with animated GIFs on certain hacked WordPress sites, meaning when victims would open the infected Office files, the malware would not be downloaded and executed on their computers, saving them from the infection.

Emotet is a banking Trojan that was first spotted in the year 2014 by security researchers, it was primarily designed to sneak onto the victim's computer and mine sensitive data. Later, the banking malware was updated; newer versions came up with spamming and malware delivery functionality. Emotet is equipped with capabilities to escape anti-malware detection, it uses worm-like abilities that help it proliferate through connected systems. Mainly, the infection is spread via malspam, however, it may also be sent through malicious scripts, links, or macro-enabled documents.

Started off casually a few days ago, on the 21st of July, the act of sabotaging the operations has become a major concern for the Emotet authors, affecting a significant fragment of the malware botnet’s revived campaign. Essentially, the sabotage has been possible owing to the fact that Emotet authors are not employing the best web shells in the market, it was noted earlier in 2019 also that the criminals involved in Emotet operations were using open-source scripts and identical password for all the web shells, risking the security of its infrastructure and making it vulnerable to hijacks just by a simple guess of password.

While giving insights on the matter, Kevin Beaumont said in 2019, “The Emotet payload distribution method is super insecure, they deploy an open-source webshell off Github into the WordPress sites they hack, all with the same password, so anybody can change the payloads infected PCs are receiving.

Emotet trojan one of the biggest malware

Emotet is a banking Trojan that started out stealing information from individuals, like credit card details. It has been lurking around since 2014 and has evolved tremendously over the years, becoming major threat that infiltrates corporate networks and spreads other strains of malware.

The U.S. Department of Homeland Security published an alert on Emotet in July 2018, describing it as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” and warning that it’s very difficult to combat, capable of evading typical signature-based detection, and determined to spread itself. The alert explains that “Emotet infections have cost SLTT (state, local, tribal, and territorial) governments up to $1 million per incident to remediate.”

Emotet poses a grave risk for individuals and businesses of all sizes. Here's a look at what you can do to safeguard your business against this pernicious Trojan malware.

Emotet infections typically start with a simple phishing email that contains an attachment or a link to download a file. The recipient is persuaded to click the link or open the file and they unwittingly set in motion a macro that downloads a malicious payload. As soon as the device is infected, Emotet starts trying to spread to other devices on the network.

The addition of new capabilities into Emotet, inspired by other successful malware such as WannaCry, has made it a much more potent threat capable of moving laterally and infecting entire networks alarmingly quickly. It’s a modular Trojan that’s often employed as the vanguard of a bigger attack, piercing the outer defenses and then downloading other banking Trojans and spreading them around.

As persistent and pernicious as Emotet is, you can take effective action to guard against it.

First, ensure that you don’t have unsecured devices on your network. Take steps to identify and secure unmanaged devices. Eradicate potential blind spots like internet of things devices. Even if Emotet appears to be confined to an unsecured machine, the threat has not been neutralized because it’s polymorphic, constantly updating itself and working towards spreading further. Given enough time, it has a good chance of finding a weakness in your defenses that can be exploited.

Emotet trojan is back with a bang

Emotet gang takes their operation to a whole new level, showing why they're today's most dangerous malware. It would seem it now has taken on new tactics in the form of hijacking users old email chains and then responding from a spoofed address to portray legitimacy, this additional tactic can heighten a hackers chances when stealing financial information once a victim has been lured into clicking on said malicious content. Targeted emails appears to affect both private and public sectors, including government, particularly those that provide financial and banking services.

Emotet is a known banking Trojan, discovered five years ago, first in Europe and the USA. It started out stealing information from individuals, like credit card details. It has been lurking around since 2014 and has evolved tremendously over the years, becoming major threat that infiltrates corporate networks and spreads other strains of malware.

It injects itself into a user’s device via malspam links or attachments, with the intent to steal financial data. It targets banking emails and can sometimes deploy further attacks once inside a device.

The Emotet malware gang is now using a tactic that has been previously seen used by nation-state hackers.

The U.S. Department of Homeland Security published an alert on Emotet in July 2018, describing it as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” and warning that it’s very difficult to combat, capable of evading typical signature-based detection, and determined to spread itself. The alert explains that “Emotet infections have cost SLTT (state, local, tribal, and territorial) governments up to $1 million per incident to remediate.”

This campaign targeted mainly Chile and used living off the land techniques (LotL) to bypass Virus Total detections. This up and coming tactic uses already installed tools on a users’ device to remain undetected for as long as possible.