The malware, dubbed Emotet, was spotted around June 2014 by security vendors. It is notable for its ability to sniff out credentials sent over encrypted HTTPS connections by tapping into eight network APIs.
Microsoft has been observing a new variant, which was sent out as part of a spam campaign that peaked in November targeting mostly German-speaking users. Emotet is distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware.
The spam messages try to gain the attention of potential victims by purporting to be some sort of claim, a phone bill, an invoice from a bank or a message from PayPal.
Spam messages containing Emotet can be tricky to filter because the messages originate from real email accounts.One technique to stop spam messages is to reject messages that come from bogus accounts by checking if the account really exists.
Emotet comes with a list of banks and services it is designed to steal credentials from. It will also pull credentials from a variety of e-mail programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright