
New Variant of Emotet Banking Malware targets German Users


#1 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,397 posts
  • Gender:Male
  • Location: Australia

Posted 07 January 2015 - 04:45 AM


A new spam email campaign making the rounds in Germany is delivering a new variant of a powerful banking malware, a financial threat designed to steal users’ online banking credentials, according to security researchers from Microsoft.
The malware, identified as Emotet, was first spotted last June by security vendors at Trend Micro. The most standout feature of Emotet is its network sniffing ability, which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro.
Microsoft has been monitoring a new variant of Emotet banking malware, Trojan:Win32/Emotet.C, since November last year. This new variant was sent out as part of a spam email campaign that peaked in November.
Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware.

HeungSoo Kang of Microsoft’s Malware Protection Center identified a sample of the spam email message that was written in German, including a link to a compromised website. This indicates that the campaign primarily targeted German-language speakers and banking websites.
The spam messages are written in such a way that they easily gain the attention of potential victims. They could masquerade as some sort of fraudulent claim, such as a phone bill, an invoice from a bank or a message from PayPal.
Once it infects a system, Emotet downloads a configuration file which contains a list of banks and services it is designed to steal credentials from, and also downloads a file that intercepts and logs network traffic.
Network sniffing is an especially disturbing part of this malware because a cyber criminal becomes omniscient to all information being exchanged over the network. In short, users can go about their online banking without even realizing that their data is being stolen.
Emotet will pull credentials from a variety of email programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.
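The post notes that the spam either links to a site hosting the malware or carries an executable dressed up with a PDF document icon. As an added example (not from the post or from the Microsoft and Trend Micro write-ups it summarizes), the Python below shows the check a mail gateway or triage script can apply: judge an attachment by its leading bytes and by a mismatch between content and claimed extension, rather than by its icon. The filenames, attachment bytes and signature table are constructed for the demonstration.

```python
import re

# Constructed sample attachments: claimed filename -> first bytes of content.
# These are synthetic stand-ins, not samples from the campaign described above.
SAMPLES = {
    "Rechnung_Januar.pdf": b"%PDF-1.5\n%\xe2\xe3\xcf\xd3\n",          # real PDF
    "Rechnung_Januar.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",           # PE, double extension
    "Telekom_Rechnung.pdf": b"MZ\x90\x00\x03\x00\x00\x00",              # PE named as a PDF
    "Zahlung.zip": b"PK\x03\x04",                                       # ZIP archive
}

# Leading-byte signatures to recognise (constructed subset for the example).
MAGIC = [
    (b"%PDF", "pdf"),
    (b"MZ", "pe"),
    (b"PK\x03\x04", "zip"),
]

# Extensions mapped to the content type they claim to be.
CLAIMED = {"pdf": "pdf", "exe": "pe", "scr": "pe", "zip": "zip"}


def sniff_type(data):
    """Classify content by its leading bytes, ignoring the filename entirely."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"


def claimed_type(name):
    """Content type implied by the final extension of the filename."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return CLAIMED.get(ext, "unknown")


def has_double_extension(name):
    """Document-looking name ending in an executable extension (invoice.pdf.exe)."""
    return bool(re.search(r"\.(pdf|doc|docx|xls|jpg|txt)\.(exe|scr|com|pif)$", name, re.I))


def assess(name, data):
    """Return ('allow'|'block', [reasons]) for one attachment."""
    actual = sniff_type(data)
    claimed = claimed_type(name)
    findings = []
    if actual == "pe":
        findings.append("attachment is a Windows executable")
    if "unknown" not in (actual, claimed) and actual != claimed:
        findings.append(f"content type {actual} does not match extension ({claimed})")
    if has_double_extension(name):
        findings.append("double extension")
    return ("block" if findings else "allow"), findings


def scan(samples):
    """Assess every attachment in the sample set."""
    return {name: assess(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in scan(SAMPLES).items():
        print(f"{verdict:5} {name}: {'; '.join(reasons) or 'no findings'}")
```

The icon shown by Explorer comes from the executable's own resources, so it says nothing about the file; the first two bytes do. A gateway that blocks on the "pe" verdict alone would already stop both executable samples above, regardless of how they are named.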


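The post's central technical claim is that Emotet sniffs HTTPS traffic by hooking network APIs, which on Windows is commonly done by overwriting the first bytes of an exported function with a jump into the malware's code. As an added example, not from the post or from the researchers it cites, this Python script shows the comparison a defender or memory-forensics tool makes to spot that: the first bytes of each export as they appear on disk versus in the running process, with any redirect decoded to see where it lands and whether a loaded module owns that address. The function names, load addresses, module ranges and byte strings are constructed assumptions for the demonstration; a real tool would read them from the PE file and the target process.

```python
import struct

# Constructed data. Addresses, module ranges and byte strings are assumptions
# made for this demonstration, not values observed in any real process.

# Typical x86 hot-patchable prologue: mov edi,edi / push ebp / mov ebp,esp.
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec")

# Assumed load addresses of a few network exports a sniffer would target.
FUNCTION_ADDRESSES = {
    "ws2_32!send": 0x75A01000,
    "ws2_32!recv": 0x75A01200,
    "wininet!HttpSendRequestW": 0x76B04000,
    "nss3!PR_Write": 0x61C0A000,
}

# Assumed address ranges of the legitimately loaded modules.
MODULE_RANGES = {
    "ws2_32.dll": (0x75A00000, 0x75A40000),
    "wininet.dll": (0x76B00000, 0x76C00000),
    "nss3.dll": (0x61C00000, 0x61D00000),
}


def jmp_rel32(src, dst):
    """Encode 'jmp rel32' placed at src and landing on dst (builds test data only)."""
    return b"\xe9" + struct.pack("<i", dst - (src + 5))


def push_ret(dst):
    """Encode 'push imm32; ret' landing on dst (builds test data only)."""
    return b"\x68" + struct.pack("<I", dst) + b"\xc3"


# On-disk view: every export begins with the clean prologue.
DISK_VIEW = {name: CLEAN_PROLOGUE for name in FUNCTION_ADDRESSES}

# In-memory view: two exports untouched, two redirected into unbacked memory.
MEMORY_VIEW = {
    "ws2_32!send": jmp_rel32(FUNCTION_ADDRESSES["ws2_32!send"], 0x00A10000),
    "ws2_32!recv": CLEAN_PROLOGUE,
    "wininet!HttpSendRequestW": push_ret(0x00A10400),
    "nss3!PR_Write": CLEAN_PROLOGUE,
}


def decode_redirect(addr, mem):
    """If the prologue has become a jump-style redirect, return (style, target)."""
    if len(mem) >= 5 and mem[0] == 0xE9:
        rel = struct.unpack_from("<i", mem, 1)[0]
        return "jmp rel32", (addr + 5 + rel) & 0xFFFFFFFF
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:
        return "push/ret", struct.unpack_from("<I", mem, 1)[0]
    return None


def owner_module(target, module_ranges):
    """Name of the loaded module containing target, or None if unbacked."""
    for module, (lo, hi) in module_ranges.items():
        if lo <= target < hi:
            return module
    return None


def check_hooks(disk, memory, addresses, module_ranges):
    """Compare on-disk and in-memory prologues and classify each export."""
    report = {}
    for name, clean in disk.items():
        mem = memory[name]
        if mem[: len(clean)] == clean:
            report[name] = {"status": "clean"}
            continue
        redirect = decode_redirect(addresses[name], mem)
        if redirect is None:
            # Bytes differ but do not decode as a known redirect: still worth a look.
            report[name] = {"status": "modified", "bytes": mem.hex()}
            continue
        style, target = redirect
        owner = owner_module(target, module_ranges)
        report[name] = {
            "status": "hooked",
            "style": style,
            "target": target,
            "owner": owner or "no loaded module (injected code)",
        }
    return report


if __name__ == "__main__":
    findings = check_hooks(DISK_VIEW, MEMORY_VIEW, FUNCTION_ADDRESSES, MODULE_RANGES)
    for name, finding in findings.items():
        print(f"{name}: {finding}")
```

Two refinements matter in practice: the on-disk bytes must be relocated before comparison so that legitimate relocations are not reported as hooks, and a redirect whose target sits inside a known module (an antivirus or compatibility shim, say) is a much weaker signal than one landing in memory no module owns, which is what the two hooked entries above show.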