Emotet a New Banking Trojan Found Tapping and Accessing E-traffic

Trend Micro the security company has spotted one fresh banking malware, which it has named "Emotet" as it taps and accesses outbound network traffic from victims' computers in an attempt towards stealing sensitive credentials.

The company says, unlike typical financial malware, the new Emotet PC-Trojan does not resort to form field injection alternatively phishing rather it uses the technique of network sniffing that poses hurdles for security solutions to detect its malevolent operations.

To disseminate the threat, spam mails are dispatched that seemingly talk about shipping invoices or money transfers. There are web-links inside the fake messages which actually lead onto sites created for delivering the malware onto target systems.

The Emotet, when contaminates a PC, pulls down one configuration file that gives details about financial organizations intended to be abused.

Beside this, Emotet also pulls down one DLL file with which the outbound network traffic is tapped and seized.

The DLL that's thrust inside the Web-browser examines the sites the victim visits after the malware selects and targets certain URLs, while incase it finds a match, it retrieves the entire data dispatched to that particular site.

Joie Salvio, Threat Response Engineer at Trend Micro notes that Emotet saves all that's on the website thus stealing and saving its entire data. Softpedia.com published this, June 30, 2014.

Trend's researchers further discovered that even any encrypted connection can't stop the theft of data since the Trojan captures the credentials utilized for logging in done with the help of HTTPS.

According to them, this method of grabbing critical information doesn't raise an alert as there's little indication of suspicious happenings to the user, who thinks all is working normal.

Interestingly, Emotet even encodes data it steals followed with saving it all within system registry. As this doesn't involve creating any new file, the malware again bypasses detection on the machine.

Finally as per Trend Micro, the maximum instances of contaminations by Emotet occurred in Europe, particularly inside Germany. Nevertheless, contaminations have as well happened in North America and Asia-Pacific, indicating the threat isn't confined to only one geographical area, security researchers conclude. CIO published this, July 1, 2014.

» SPAMfighter News - 7/10/2014