This New Malware Added An Email Attachment Stealer

August 15, 2020

Written by wukovits

Emotet’s massive botnet was dormant for several months, but on July 17th, 2020, it suddenly rumbled back to life.

It started spewing out massive numbers of phishing emails aimed at installing Trickbot payloads on anyone unfortunate enough to open one of their poisoned emails. The emails are often described as invoices, manifests, and the like.

In recent days, security researchers have noted that Emotet has begun swapping Trickbot payloads out with QakBot payloads, which include the use of the ProLock ransomware strain. Whichever payload is deployed, however, security researchers have noticed something else. Emotet got another upgrade.

The upgrade takes the form of an email attachment stealer. Once installed on a target system, it will scan that target’s inbox and sent folders looking for email attachments. The malware isn’t picky, and will take anything, copying whatever files it finds and sending them to the command and control server so it can recycle and reuse the attachments on future phishing emails.

This may not sound like it, but is actually a devastatingly effective strategy. By using live files, the phishing emails gain a further air of authenticity. The data those files contain looks legitimate because it is legitimate in that the file was generated by someone working for a corporation and sent around to others for review.

Worse, Emotet doesn’t show any signs of slowing down. This week, based on statistics compiled by the interactive malware analysis platform AnyRun, Emotet was ranked as the malware threat of the week. It was measured by uploads, with nearly ten times the total uploads as njRAT, which claimed the #2 spot.

Given the size of the Emotet botnet, this is definitely a threat to be mindful of. Make sure your IT staff is aware of the large scale, ongoing phishing campaign by the botnet and be sure to remind all of your employees not to open any email attachments unless they’re absolutely certain where they’re coming from.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.