A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware, a financial threat designed to steal users’ online banking credentials, according to security researchers from Microsoft.The malware, identified as Emotet, was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability, which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro.Microsoft has been monitoring a new variant of Emotet banking malware, Trojan:Win32/Emotet.C, since November last year. This new variant was sent out as part of a spam email campaign that peaked in November.Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware.HeungSoo Kang of Microsoft’s Malware Protection Center identified a sample of the spam email message that was written in German, including a link to a compromised website. This indicates that the campaign primarily targeted mostly German-language speakers and banking websites.The spam messages are written in such a way that it easily gain the attention of potential victims. It could masquerade as some sort of fraudulent claim, such as a phone bill, an invoice from a bank or a message from PayPal.Once it infect a system, Emotet downloads a configuration file which contains a list of banks and services it is designed to steal credentials from, and also downloads a file that intercepts and logs network traffic.Network sniffing is especially a disturbing part of this malware because in that a cyber criminal becomes omniscient to all information being exchanged over the network. In short, users can go about with their online banking without even realizing that their data is being stolen.Emotet will pull credentials from a variety of email programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.
New Variant of Emotet Banking Malware targets German Users