Google Chrome users are at risk from a new Emotet malware variant that steals credit card details
If Google Chrome is your browser of choice for shopping, your credit card data may be at risk due to a new variant of the nefarious malware ‘Emotet’.
What is Emotet?
In 2014, a banking trojan identified as Emotet was spread via malicious attachments in spam emails and was used to steal victims’ sensitive information by intercepting their internet traffic. It was also distributed via one of the largest and most dangerous botnet infrastructures, with several hundred servers scattered across the world. After an operation led by law enforcement agencies from multiple countries, including the United Kingdom, the United States, Ukraine and many more, control of the botnet infrastructure was gained, and two arrests were made at the beginning of 2021.
What is the new Emotet variant?
On Monday 6th June, Proofpoint’s Threat Insights team discovered the new variant being spread by one of the hackers’ botnets and posted information about the attack to Twitter.
The tweet states that the new variant of Emotet aims to steal credit card details from the user’s Chrome browser, which are then sent back to the attackers’ command-and-control servers.
Is your data at risk?
If a device is infected with any version of Emotet and you use Google Chrome, your saved data may be at risk. This is because the attackers can update the malware via binary updates.
Although this attack only affects victims using Google Chrome, as of December 2021 it was reported that Google Chrome accounted for 66.6 percent of the global desktop internet browser market share.
How can you protect your data?
It is currently unknown which version(s) of Chrome and which operating systems are vulnerable to the attack, but by following the steps below you can help to mitigate the potential threat, reducing the chances that you become a victim of this attack.
First of all, if you receive suspicious Microsoft Word or Excel files in your emails, report them and do not open them, as malicious documents are how the Emotet malware infects victims. Research found that the most common attachments used to deliver the malware were spreadsheets at 33%, executables and scripts at 29%, archives at 22% and documents at 11%.
Do not save your credit card details in any web browser on your devices including computers, mobiles or even TVs. Although storing this information in the browser can be quick and easy, it also makes it possible for hackers to gain access to this information. Typing your credentials each time may be an inconvenience, but it comes with the benefit of keeping your sensitive information safe.
Proactivity is the name of the game: ensure your computers and endpoints are protected by up-to-date anti-malware software. In the event of compromise, anti-malware tools will be able to assist in the removal of recognised malware from the infected device.
Web browsers can be just as vulnerable to attacks as any other software on your devices, so it is important that you ensure that the web browser you are using is up to date. By navigating to your Chrome browser settings, you can view the version that you are using and whether it is up to date. The best way to keep your browser up to date is to set your browser to update automatically.
If one of your endpoints starts displaying indicators of abnormality in line with those of Emotet, it is advised to immediately disconnect it from your network to stop the malware from spreading to other devices.
Victims with devices infected by a previous version of Emotet can be affected by the new variant as the attackers can update the malware via binary updates. Therefore, it is essential that any variant of Emotet is removed from the device to prevent it from being updated.
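The attachment advice in the steps above can be applied automatically at a mail gateway or in a reporting tool. The following is an added example, not code from the original article: it sorts the attachments of a message into the four categories quoted above and flags Office formats that can carry macros. The extension lists and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Buckets mirror the four attachment categories named in the article;
# the extension lists themselves are assumptions made for this example.
CATEGORIES = {
    "spreadsheet": {".xls", ".xlsx", ".xlsm", ".xlsb", ".csv"},
    "executable_or_script": {".exe", ".dll", ".js", ".vbs", ".ps1", ".bat"},
    "archive": {".zip", ".rar", ".7z", ".iso"},
    "document": {".doc", ".docx", ".docm", ".rtf", ".pdf"},
}
# Legacy binary Office files and macro-enabled OOXML files can carry macros.
MACRO_CAPABLE = {".xls", ".xlsm", ".xlsb", ".doc", ".docm"}


def classify(filename):
    """Return (category, macro_capable) judged on the final extension only,
    so a double extension such as 'report.pdf.exe' counts as an executable."""
    ext = PurePosixPath(filename.lower()).suffix
    for category, extensions in CATEGORIES.items():
        if ext in extensions:
            return category, ext in MACRO_CAPABLE
    return "other", False


def triage(raw_message):
    """List (filename, category, macro_capable) for each attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""  # attachments may lack a file name
        results.append((name, *classify(name)))
    return results


def build_sample():
    """Constructed sample message (not real mail) with two attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Re: overdue invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice_0622.xlsm")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="zip", filename="scan.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

A file name is only a first-pass signal: archives should be unpacked and their contents classified the same way before a message is released to the user.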
In short, the Emotet malware has hit back and is now affecting a huge demographic - users of the Google Chrome browser. By following the steps above, you can ensure that your cyber posture is the best that it can be to give your personal information the best possible protection.