Wednesday, December 25, 2024
HomeMalwareUS-CERT Alerts Powerful Emotet Banking Malware Attack on Government, Private and Public...

US-CERT Alerts Powerful Emotet Banking Malware Attack on Government, Private and Public Sectors

Published on

SIEM as a Service

The US-Cert team issued an alert for advanced Emotet banking malware attack that targets governments, private and public sectors in the most destructive way to steal various sensitive information.

Emotet banking malware is continually spreading since 2017 and it is one of the costly banking trojans that mainly affecting territorial (SLTT) governments.

Recent malware campaign that delivers Emotet banking Malware Via Microsoft Office documents attachments with “Greeting Card” as the document name, hijack the Windows API.

- Advertisement - SIEM as a Service

It is one of the rapidly spreading banking trojans that could cost around $1 Million to recovered the affected networks and the malware authors are continuously improving the malware to maintain the persistence.

Emotet banking malware primary responsibility as a dropper or downloader to drop the new banking Trojans and it is capable of evading the signature-based detection by modifying the registry keys.

Emotet Malware authors using very clever techniques to alert false indication when it run into the virtual environment and Modular DLLs function helps to continuously evolve and update its capabilities.

Emotet Banking Malware Infection Process

Emotet banking malware intially spreading via Email that contains malicious attachments or links and the mail contants posed as legitimate PayPal receipts, shipping notifications to trick users to open it.

Once users click the link or attachment or macro enable word document then the Trojan propagate its infection process across the local networks.

According to US-CERT , There are 5 known spreader modules used by Emotet banking malware: NetPass.exe, WebBrowserPassView, Mail PassView, Outlook scraper, and a credential enumerator.

  • NetPass.exe – Tool to recovers all network passwords stored on a system for the current logged-on user.
  • Outlook scraper – scrapes names and email addresses from the victim’s Outlook accounts using Phising Emails.
  • WebBrowserPassView- password recovery tool that captures passwords stored by Major Browsers.
  • Mail PassView – It helps to reveal the passwords and account details for various email clients
  • Credential enumerator  – It used to enumarate the network resources using Server Message Block (SMB) or tries to brute force user accounts

Once it complete the infection process, Emotet injects code into explorer.exe and other running process and collect the various sensitve information such as system name, location and other sensitive information and connect with C&C server.

After the communication established with C&C server  it reports a new infection, receives configuration data, downloads and runs files, receives instructions, and uploads data to the C2 server.

later share the stolen files and other financial sesitive data from whole compromised network which leads to disruption to regular operations, disruption to regular operations, temporary or permanent loss of sensitive or proprietary information.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from...

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating...

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability...

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...