Emotet

Emotet is a banking trojan malware program which obtains financial information by injecting computer code into the networking stack of an infected computer,^[1]allowing sensitive data to be stolen via transmission.^[2] Emotet malware also inserts itself into software modules which are then able to steal address book data and perform denial of service attacks on other systems.^[3]

Emotet has evolved in its delivery, however the most prominent form has been inserting malicious documents or URL links inside the body of an email sometimes disguised as an invoice or PDF attachment.^[4]

First reported in Germany, Austria, and Switzerland in 2014, the United States quickly followed suit encountering Emotet malware not necessarily through fake invoices, but rather through malicious JavaScript (.JS) files; when the malicious .JS files are executed, Emotet malware is then able to infect the current host.^[5]

Once Emotet has infected a host, a malicious file that is part of the malware is able to intercept, log, and save outgoing network traffic via a web browser leading to sensitive data being compiled to access the victim's bank account(s).^[6]

Emotet is a member of the Feodo Trojan family of trojan malware.^[7] When run in a virtual machine environment, Emotet changes its behavior in ways that are intended to mislead malware investigators.^[8]

References

↑ Kovacs, Eduard (June 30, 2014). ""Emotet" Banking Malware Steals Data Via Network Sniffing". www.securityweek.com. Retrieved 2017-05-22.
↑ Shulmin, Alexey. "The Banking Trojan Emotet: Detailed Analysis". Securelist. Retrieved 14 June 2017.
↑ "Emotet". New Jersey Cybersecurity & Communications Integration Cell. State of New Jersey. April 26, 2017. Retrieved 2017-05-22.
↑ "Emotet Changes TTPs and Arrives in United States". Center for Internet Security. Retrieved 14 June 2017.
↑ Masters, Greg. "Emotet banking trojan debuts in U.S." SC Media. Retrieved 14 June 2017.
↑ Salvio, Joio. "New Banking Malware Uses Network Sniffing for Data Theft". Trend Micro. Retrieved 14 June 2017.
↑ "Emotet Changes TTPs and Arrives in United States". www.cisecurity.org. Retrieved 2017-05-22.
↑ Shulmin, Alexey (April 9, 2015). "The Banking Trojan Emotet: Detailed Analysis - Securelist". securelist.com. Retrieved 2017-05-22.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] Kovacs, Eduard (June 30, 2014). ""Emotet" Banking Malware Steals Data Via Network Sniffing". www.securityweek.com. Retrieved 2017-05-22.

[2] Shulmin, Alexey. "The Banking Trojan Emotet: Detailed Analysis". Securelist. Retrieved 14 June 2017.

[3] "Emotet". New Jersey Cybersecurity & Communications Integration Cell. State of New Jersey. April 26, 2017. Retrieved 2017-05-22.

[4] "Emotet Changes TTPs and Arrives in United States". Center for Internet Security. Retrieved 14 June 2017.

[5] Masters, Greg. "Emotet banking trojan debuts in U.S." SC Media. Retrieved 14 June 2017.

[6] Salvio, Joio. "New Banking Malware Uses Network Sniffing for Data Theft". Trend Micro. Retrieved 14 June 2017.

[7] "Emotet Changes TTPs and Arrives in United States". www.cisecurity.org. Retrieved 2017-05-22.

[8] Shulmin, Alexey (April 9, 2015). "The Banking Trojan Emotet: Detailed Analysis - Securelist". securelist.com. Retrieved 2017-05-22.