Emotet Malware – Mass-Harvesting millions of Emails in secret Campaign

Latest Emotet module deployed poses a more dangerous threat as security experts ask companies to set up the security of their networks. The Emotet Group is preparing more attacks, which is likely to start from the United State.

A notorious malware family, which since last year has been on a resurgent path earlier this week, has received a major update, which will shake any organization. Reports from Kryptos Logic made available indicate that the Emotet malware family has begun mass ingathering of complete e-mails from infected victims, starting yesterday.

The Emotet group has been in existence since 2014 during which it began spreading the first version of its malware, which operated as a full banking Trojan. Though this Trojan wasn’t successful and gradually faded within three years. However, during the summer of 2017, the group overhauled their code and converted the original banking Trojan into a sectional malware. This current Trojan is used primarily to infect users and afterward deliver secondary payloads for other criminal groups through a classic pay-per-install scheme .

Since the summer of 2017, the group has experienced unprecedented growth both in the number of victims infected and in its capabilities. The malware has grown ubiquitously currently to the extent that the United State Department of Homeland Security has issued a security advisory during the summer, advising companies to step up their security and the threat it poses to their networks.

Emotet comes in a multitude of smaller modules, which once downloaded gains initial base. These modules include SMB-based spreader, which laterally moves throughout networks and have the capability of wreaking havoc in a large organization. Additionally, this malware doesn’t come alone as it often drops more deadly threats such as remote access Trojans, infostealer, TrickBot, and most dangerously ransomware.

A recent instance is the attack of the city of Allentown website, where the infection had access to the city’s network. It got to the extent where the city of Allentown downloaded more malware. The municipality spent almost $1 million in rebuilding its previous infrastructure from scratch. Beginning from today, Kryptos Logic indicated that network admins have another challenge to deal with – the exfiltration of sensitive user information from infected systems.

The attack takes place through a new Emotet module, which blindly gathers all emails received or sent from its infected hosts within 180 days. However, this new module works with Microsoft Outlook installations currently. In as much as the Emotet module looks harmless, it gives cybercriminals the opportunity to steal sensitive emails, which is similar to a data breach.

Researchers at Kryptos Logic pointed out that the mass email-harvesting module from Emotet is something out of the ordinary. The Head of Security & Threat Intelligence Research of Kryptos Logic in an interview,

“We believe the module is currently being widely deployed, but it is too early to confirm if it is geographically specific. Emotet is not limited to any geography, but it tends to focus on US victims. There isn’t enough information available to be able to tell what the threat actors motives are at the moment.”

Experts have agreed that harvesting data in mass provides a weapon-like data-driven analytical ability that must not be taken for granted concerning recent email leaks. Undoubtedly, Emotet is among the most advanced botnets we have seen in this century. Therefore, companies shouldn’t allow any infection from Emotet to linger on its networks because of its past records of causing damages.