Recently we wrote that the Emotet botnet, which had not shown "signs of life" since…
Now the Bleeping Computer magazine, citing Binary Defense experts, reports that the malware has acquired new functionality: it has begun to steal contact lists, content and attachments from its victims’ emails so that the sent spam looks as authentic as possible for the future recipients.
“This is the first time the botnet is using stolen attachments to add credibility to emails as Binary Defense threat”, — told BleepingComputer IS-researcher James Quinn.
This information confirmed well-known and information security researcher Markus Hutchins (aka MalwareTech), who notes that the module for data theft appeared at Emotet around June 13 of this year.
“Can confirm Emotet’s email stealer module was updated to steal email attachments, as well as email content and contact lists. The additional code was added around June 13th”, — wrote MalwareTech in his Twitter.
Experts write that the new tactic allows Emotet operators effectively use the intercepted emails and “join” users’ conversations. This means that a malicious URL or attachment will end up looking like new posts in an ongoing discussion. Moreover, unlike other attackers, Emotet operators use not only the “body” of the stolen messages, but also attachments from them.
“Emotet seems to be using not only stolen email bodies, but is now including stolen attachments as well. This lends to even more authenticity in their phishing emails. In one example we found 5 benign attachments and a dropper link within the templated portion of the email”, – say Cofense analysts.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…