The notorious Emotet malware recently drew further attention for targeting the Google Chrome browser. Researchers observed that the malware now targets Chrome to steal stored data, mainly credit card data.
Emotet Malware Targets Chrome Browser
Researchers from Proofpoint have disclosed that they noticed the infamous Emotet malware infecting Chrome browsers in recent campaigns.
As disclosed, the researchers observed a new Emotet module, and their investigation revealed it to be a credit card stealer. That means, alongside its other exploitative functionality, the new tweaks add another malicious ability to the already troublesome malware.
As a card stealer, the module integrates with the Chrome browser on target devices. It then scans the browser-stored information and pilfers credit card details. The malware then transmits the stolen details to the C&C. However, the researchers found that the stolen data goes to different C2 servers than the one used by the module loader.
On June 6th, Proofpoint observed a new #Emotet module being dropped by the E4 botnet. To our surprise it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader. pic.twitter.com/zy92TyYKzs
— Threat Insight (@threatinsight) June 7, 2022
Elaborating further on it to BankInfoSecurity, Sherrod DeGrippo, VP Threat Research and Detection at Proofpoint, commented,
After months of consistent activity, Emotet is switching things up. It is likely the threat actor is testing new behaviors on a small scale before delivering them to victims more broadly, or to distribute via new TTPs alongside its existing high-volume campaigns
Emotet has long been a potent cybersecurity threat for different entities worldwide. It executed numerous high-profile attacks in the past, including notable victims like the United Nations. Eventually, the unwanted attention it drew from security officials led to its (seemingly reversible) demise in early 2021.
However, the researchers noticed its reappearance later that year, though on a limited scale. In November 2021, Emotet once again made it to the news for running active campaigns. Then, in April 2022, Proofpoint researchers also highlighted new delivery techniques with the malware, albeit with low-volume activity.
The recent changes are red flags for the business and cybersecurity community, urging the relevant personnel to adopt robust security measures to prevent infections.