An alert for an advanced Emotet banking malware attack that focuses on stealing sensitive information from governments, public and private sectors has been recently issued by the US-Cert team.
Emotet and How it Spreads?
Emotet malware is an advanced, modular banking Trojan that mainly functions as a downloader or dropper of other banking Trojans. This expensive and destructive malware affects public and private sectors and state, local, tribal, and territorial (SLTT) governments.
Since 2017, Emotet banking malware has been spreading via malspam (emails containing malicious links or attachments) which uses branding familiar to the recipient. It has also been spread using the MS-ISAC name. Recent campaigns in July 2018 imitate PayPal receipts, shipping notifications, or “past-due” invoices from MS-ISAC. The very first malware infection occurs when the user clicks on or opens the infected PDF, malicious download link, or macro-enabled Microsoft Word document included in the malspam. After the download process, Emotet malware tries to propagate the local networks via incorporated spreader modules.
Emotet is one of the rapidly spreading banking Trojans and could cost almost $1 million to recover the affected networks; malware authors are constantly working to improve persistence. A recent malware campaign delivering Emotet banking malware through Microsoft Office document attachments with “Greeting Card” as the document name, hijacks the Windows API.
Emotet currently uses five known spreader modules:
- WebBrowserPassView- a password recovery tool that captures passwords stored by major browsers.
- Mail PassView – helps to disclose the account details and passwords for different email clients
- Credential Enumerator – enumerates the network resources using Server Message Block (SMB) or attempts to brute force user accounts.
- NetPass.exe – recovers all network passwords stored on a system for the currently logged-on user.
- Outlook scraper – scrapes email addresses and names from the victim’s Outlook accounts using phishing emails.
Emotet Malware Infections Cause:
- Disruption to regular operations
- Potential harm to an organization’s reputation
- Financial losses incurred to restore files and systems
- Permanent or temporary loss of proprietary or sensitive information.
Protect Your Banking Information with Comodo Advanced Endpoint Protection (AEP)
Endpoint protection, or endpoint security, is a solution that protects and secures the endpoints from unknown malware or advanced persistent threats or zero-day exploits. Traditional antivirus software cannot be a standalone solution for eradicating the threats, and Comodo Advanced Endpoint Protection is designed to deliver complete security, guaranteeing data protection for all enterprises.
AEP thus delivers a focused security solution that helps secure servers, workstations, and devices that are connected to access the enterprise networks. Comodo Advanced Endpoint Protection prevents unknown malware from running on your endpoints with its unique Default Deny Platform™.
Comodo Advanced Endpoint Protection works in the following manner:
- Advanced Endpoint Protection leverages the Default Deny Platform to block bad files and automatically contain unknown files in a virtual container, using intelligent Automatic Containment technology.
- The Comodo VirusScope technology is used for analyzing unknown files for malicious actions and behavior.
- Valkyrie provides a cloud-based accelerated verdict in just 45 seconds, based on dynamic, static, and also a human analyst interaction.
- Malware files are removed, good files are allowed to run on the endpoint CPU and unknown files are contained in the lightweight virtual container on the endpoint and then examined in real time.
- Advanced Endpoint Protection can be provisioned within just a minute. It uses negligible CPU resources and requires an endpoint footprint of only10 MB. The program provides complete security for both virtual and physical endpoints in both big and small enterprises.