LTS Secure Warning: New wave of the Emotet Malware

First identified in 2014, Emotet continues to infect systems and harm users to this day, which is why the infosec community is still talking about it.

The first version of Emotet was built to steal bank account details by intercepting internet traffic. Shortly afterwards a new version, Emotet version two, was released. It came packed with several modules, including a money transfer system, a mail-spam module, and a banking module used mainly to target Austrian and German banks.

By 2018, newer versions of Emotet had gained the ability to install other malware on infected systems, effectively turning it into a loader. It was also bundled with banking Trojans or mail-spam delivery services.


Technical Details

Emotet is polymorphic malware: it changes its identifiable features every time it is downloaded, which helps it evade signature-based detection methods. Hash-based indicators for a given sample therefore age quickly, and detection has to key on what stays constant, such as the malware's behaviour, rather than on file hashes alone.
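
As an added illustration (not code from the original advisory and not Emotet's own code), the following Python script models the polymorphism described above with a deliberately simplified packer: each "download" XOR-encodes the same constructed payload with a fresh key, so every copy has a different SHA-256 and a hash blocklist built from one copy misses the next, while a detector keyed on what stays constant (here an assumed fixed decoder-stub marker and the decoded content) catches both. The payload, marker and keys are all constructed for the demo.

```python
import hashlib
import os

# Constructed stand-in for a malicious payload; the real thing would be the malware body.
PAYLOAD = b"cmd.exe /c constructed-demo-payload " * 4

# Assumption for this model: the decoder stub keeps a fixed 8-byte marker across
# variants while the key, and therefore every encoded byte, changes per download.
STUB_MARKER = b"\x90DECODE\x90"


def xor(data, key):
    """XOR data with a repeating key (the same function encodes and decodes)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def serve_variant(key=None):
    """Produce one 'downloaded' variant: marker | 16-byte key | XOR-encoded payload."""
    key = key or os.urandom(16)
    return STUB_MARKER + key + xor(PAYLOAD, key)


def unpack(sample):
    """What the stub does at run time: skip the marker, read the key, decode the payload."""
    key = sample[len(STUB_MARKER):len(STUB_MARKER) + 16]
    return xor(sample[len(STUB_MARKER) + 16:], key)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def hash_blocklist_hit(sample, blocklist):
    """Signature-style detection: only matches a file whose exact hash was seen before."""
    return sha256(sample) in blocklist


def structural_hit(sample):
    """Detection keyed on the invariant parts: the decoder stub plus the decoded content."""
    return sample.startswith(STUB_MARKER) and b"cmd.exe" in unpack(sample)


def demo():
    """Two downloads of the 'same' malware: fixed keys here so the run is reproducible."""
    first = serve_variant(bytes(range(1, 17)))
    second = serve_variant(bytes(range(101, 117)))
    blocklist = {sha256(first)}  # an IOC list built from the first sample only
    return {
        "same_payload": unpack(first) == unpack(second),
        "hash_catches_first": hash_blocklist_hit(first, blocklist),
        "hash_catches_second": hash_blocklist_hit(second, blocklist),
        "structural_catches_second": structural_hit(second),
    }


if __name__ == "__main__":
    print(demo())
```

Real polymorphic engines also mutate the decoder stub itself, which is why mature detection keys on behaviour (what the sample does when it runs) rather than on any fixed byte pattern.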

The initial stage of an infection wave begins with a mail-spam campaign in which the attackers place malicious documents or URL links inside the body of an email, disguised as an invoice or a PDF attachment. Emotet emails may carry familiar branding to make them look like legitimate mail.

One malicious attachment identified in this wave is "__Denuncia_Activa_CL.PDF.bat": a Windows batch script whose ".PDF" looks like the file type when Windows hides known extensions, while the trailing ".bat" is what actually runs. Its source code is obfuscated to evade antivirus detection and make analysis difficult.
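
The following Python script is an added example, not tooling from the original advisory: it builds a constructed email carrying an attachment named like the one above, parses it with the standard-library email module, and flags attachments that hide an executable extension behind a document-looking name, macro-capable Office formats, and batch files showing common obfuscation idioms (caret escapes and %VAR:~n,m% substring expansion). The extension lists, the sample message and the thresholds are assumptions to tune for your environment.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows will execute, even when hidden behind a document-looking name.
EXECUTABLE_EXT = {"bat", "cmd", "exe", "scr", "js", "jse", "vbs", "vbe", "ps1", "hta", "wsf", "com", "pif"}
# Extensions a phisher typically borrows to make a lure look like a document.
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf"}
# Office formats that can carry VBA macros.
MACRO_CAPABLE_EXT = {"doc", "docm", "xls", "xlsm", "ppt", "pptm", "dot", "dotm"}

# Markers common in obfuscated batch scripts: caret escapes inside commands and
# %VAR:~start,len% substring expansion used to assemble commands at run time.
CARET_RE = re.compile(rb"\^")
SUBSTR_RE = re.compile(rb"%[A-Za-z_][A-Za-z0-9_]*:~-?\d+(?:,-?\d+)?%")


def classify_attachment(filename, data):
    """Return the reasons this attachment looks suspicious (empty list = nothing found)."""
    reasons = []
    exts = filename.lower().split(".")[1:]  # every extension after the base name
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXT:
        reasons.append(f"executable extension .{last}")
        if any(e in DOCUMENT_EXT for e in exts[:-1]):
            reasons.append("document extension used as disguise (double extension)")
    if last in MACRO_CAPABLE_EXT:
        reasons.append(f"macro-capable Office format .{last}")
    if last in {"bat", "cmd"}:
        carets = len(CARET_RE.findall(data))
        substr = len(SUBSTR_RE.findall(data))
        if carets > 20 or substr > 5:  # assumed thresholds
            reasons.append(f"batch obfuscation markers (carets={carets}, substring expansions={substr})")
    return reasons


def triage_message(raw):
    """Parse an RFC 5322 message and map each suspicious attachment name to its reasons."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Construct a sample email (not a real Emotet message) with a disguised batch attachment."""
    # Constructed, harmless batch content that only shows the obfuscation idioms.
    script = (
        b"@echo off\r\nset a=powershell\r\n"
        b"set b=%a:~0,1%%a:~1,1%%a:~2,1%%a:~3,1%%a:~4,1%"
        b"%a:~5,1%%a:~6,1%%a:~7,1%%a:~8,1%%a:~9,1%\r\n"
        b"e^c^h^o this is a constructed sample, not malware\r\n"
    )
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(script, maintype="application", subtype="octet-stream",
                       filename="__Denuncia_Activa_CL.PDF.bat")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

At the mail gateway the same checks belong in the attachment policy: block or quarantine executable and double-extension names outright, and route macro-capable documents to sandbox detonation rather than trusting the sender's branding.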

It further uses command-and-control (C&C) servers to receive updates. This works much like an operating system update: it happens seamlessly, without any outward signs. It gives the attackers the ability to push new versions of the malware and to install additional malware such as banking Trojans, or to turn the system into a dumping ground for stolen information such as email addresses, financial credentials, usernames and passwords.
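
As an added example (not part of the original advisory), the Python below runs a simple beaconing check over constructed proxy log lines: a host that contacts the same destination at a near-constant interval is a candidate for C&C check-ins, even when each individual request looks innocuous. The log format, the addresses (from the documentation ranges) and the thresholds are all assumed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines: timestamp client destination method bytes. Not real traffic.
# 10.0.0.5 checks in with 203.0.113.10 every ~5 minutes; 10.0.0.7 browses irregularly.
PROXY_LOG = """\
2019-09-17T10:00:00 10.0.0.5 203.0.113.10:8080 POST 412
2019-09-17T10:00:41 10.0.0.7 198.51.100.20:443 GET 15230
2019-09-17T10:05:03 10.0.0.5 203.0.113.10:8080 POST 418
2019-09-17T10:07:19 10.0.0.7 198.51.100.20:443 GET 2210
2019-09-17T10:09:58 10.0.0.5 203.0.113.10:8080 POST 409
2019-09-17T10:15:01 10.0.0.5 203.0.113.10:8080 POST 415
2019-09-17T10:16:30 10.0.0.7 198.51.100.20:443 GET 780
2019-09-17T10:20:04 10.0.0.5 203.0.113.10:8080 POST 411
2019-09-17T10:24:57 10.0.0.5 203.0.113.10:8080 POST 420
2019-09-17T10:25:02 10.0.0.7 198.51.100.20:443 GET 99120
2019-09-17T10:30:00 10.0.0.5 203.0.113.10:8080 POST 413
2019-09-17T10:35:02 10.0.0.5 203.0.113.10:8080 POST 416
2019-09-17T10:56:47 10.0.0.7 198.51.100.20:443 GET 3300
2019-09-17T10:58:11 10.0.0.7 198.51.100.20:443 GET 1204
2019-09-17T11:40:05 10.0.0.7 198.51.100.20:443 GET 560
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client, destination, method, bytes)."""
    ts, src, dst, method, size = line.split()
    return datetime.fromisoformat(ts), src, dst, method, int(size)


def beacon_candidates(log_text, min_connections=6, max_jitter=0.10):
    """Flag (client, destination) pairs whose connection intervals are nearly constant.

    Jitter is the coefficient of variation (population stdev / mean) of the gaps
    between consecutive connections; a human browsing produces a high value, a
    timer-driven check-in a low one. Thresholds are assumptions to tune per site.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _, _ = parse_line(line)
        seen[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else float("inf")
        if jitter <= max_jitter:
            hits.append({
                "client": src,
                "destination": dst,
                "connections": len(stamps),
                "mean_interval_s": round(mean, 1),
                "jitter": round(jitter, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(PROXY_LOG):
        print(hit)
```

Legitimate software beacons too (update checks, mail polling, telemetry), so treat hits as triage leads to enrich with destination reputation, domain age and process context, not as verdicts; malware that randomises its sleep interval will also need a looser jitter threshold or a different feature such as request size uniformity.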


Impact

  • Temporary/Permanent loss of sensitive or proprietary data.
  • Financial losses incurred restoring systems and files.
  • Disruption to regular operations of an organization.
  • Harm to an organization’s reputation.


Recommended Actions

  • Keep your computers and endpoint systems up to date with the latest patches.
  • Never download suspicious attachments or click on shady-looking links. Make the effort to educate your users on how to identify mail-spam.
  • Never install any freeware or cracked versions of any software.
  • Do not open advertisement pages shown on websites unless you know they are genuine.
  • Disable macros in MS Office; at a minimum, block macros in documents that came from the internet, and never click "Enable Content" on an unexpected document.
  • Always install and keep your anti-virus up to date; remember that polymorphic malware is designed to slip past signature-based scanners, so anti-virus is one layer of protection, not the only one.
  • Always back up your important data to external drives such as HDDs and pen drives, and disconnect them after the backup so malware on the host cannot reach them. Consider a reliable cloud service as an additional copy.


To catch breaches by such highly advanced malware and nip them in the bud, our Next Gen SIEM is a must-have tool in your CSC armoury: it detects suspicious events and raises alarms, enabling you to stop the breach.