Emotet malware now steals credit cards from Google Chrome

The botnet Emotet has developed a module capable of collecting information on carte of credit stored in the profiles of Google users Chrome. A huge risk for users, discovered by the team of Proofpoint Threat Insights.

Emotet, malware can now steal credit cards from Google Chrome

Active since at least 2014, the banking trojan Emotet (TA542) it can distribute other malicious code, such as Trojans Trickbot and QBoto ransomware come Conti, ProLock, Ryuk and Egregor. But now it also has the ability to steal credit card information from Chrome.

Data such as name, month and year of expiration, card numbers. Which the malware will send to command servers e control (C2) different. The discovery of this Emotet module launched by the E4 botnet dates back to 6 June. By researchers from the Proofpoint Threat Insights team.

They explain: “Much to our surprise it was a form designed to steal credit card data that only targeted the Chrome browser. Once the card data was collected, it was exfiltrated on C2 servers different from those of the loader.”

A truly enormous danger. There are in fact many users who, for convenience, save the number of the credit card and the CVC / CVV code within Google Chrome. This allows you to shop online in a much faster and more comfortable way.

This new threat comes after the increase in activity in April and the move to 64-bit modules. One week later, Emotet has started using link files from Windows (.LNK) pto execute commands PowerShell. In this way, he could infect the victims’ devices. A response to the fact that Microsoft Office macros are now disabled by default, precisely to block malware like Emotet.

For more information on this and other cyber threats, go to the Proofpoint website.