Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Emotet Malware Alert: US-CERT TA18-201A

    Home Forums Code Red – Security advisories Emotet Malware Alert: US-CERT TA18-201A

    This topic contains 5 replies, has 3 voices, and was last updated by  anonymous 2 weeks, 5 days ago.

    • Author
      Posts
    • #205058 Reply

      Kirsty
      AskWoody MVP

      Alert TA18-201A: Emotet Malware
      https://www.us-cert.gov/ncas/alerts/TA18-201A

      Original release date: July 20, 2018

       
      Systems Affected: Network Systems

      Overview
      Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.

      This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC).
      Description

      Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.

      Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Additionally, Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It uses modular Dynamic Link Libraries (DLLs) to continuously evolve and update its capabilities. Furthermore, Emotet is Virtual Machine-aware and can generate false indicators if run in a virtual environment.

      Emotet is disseminated through malspam (emails containing malicious attachments or links) that uses branding familiar to the recipient; it has even been spread using the MS-ISAC name. As of July 2018, the most recent campaigns imitate PayPal receipts, shipping notifications, or “past-due” invoices purportedly from MS-ISAC. Initial infection occurs when a user opens or clicks the malicious download link, PDF, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet establishes persistence and attempts to propagate the local networks through incorporated spreader modules.

       
      Read the full alert here
      Further information on Emotet from Wikipedia

      2 users thanked author for this post.
    • #205229 Reply

      Kirsty
      AskWoody MVP

      Source Code for Exobot Android Banking Trojan Leaked Online
      By Catalin Cimpanu | July 23, 2018

       
      The source code of a top-of-the-line Android banking trojan has been leaked online and has since rapidly spread in the malware community, worrying researchers that a new wave of malware campaigns may be in the works.

      This malware’s name is Exobot, an Android banking trojan that was first spotted at the end of 2016, and which its authors mysteriously abandoned by putting its source code for sale in January this year.

      Security researchers from ThreatFabric have told Bleeping Computer that the Exobot trojan source code we received had actually leaked online in May when one of the users who bought it from the original author decided to share it with the community.

      So not only is Exobot’s source code freely accessible, but its also of pretty effective, just like the BankBot code was top-of-the-line when it was leaked in 2016. In the coming months, we may see Android malware devs slowly migrating their campaigns from BankBot to Exobot, as few will decline a “free upgrade” to a better code.

       
      Read the full article here

      1 user thanked author for this post.
      • #205274 Reply

        OscarCP
        AskWoody Lounger

        (1) Exobot: So… those of us who do not use smartphones, let alone Android in any way whatsoever we are aware of should be OK? Or is Android also present in, let’s say, Google searches or when using Chrome, two things that many of us regularly do?

        (2) Emotet: Is it correct to assume that this is a danger to anyone connected to the Internet, regardless of operating system?

        • #205336 Reply

          Kirsty
          AskWoody MVP

          To me, the key point is that banking trojans are in the wild, and we should all ensure we are very careful in our “cybersecurity hygiene”, i.e. not clicking on unexpected links or attachments, getting updates from genuine sources only, checking for unexpected program changes, etc.

          It’s just another reason for us to be vigilant in our use of technology, being aware of the risks. 🙂

          1 user thanked author for this post.
          • #205497 Reply

            OscarCP
            AskWoody Lounger

            Hmm… Yes, of course, by am still curious about questions (a) and (b).

            And, while at it, I may also point out that ever since the dawn of ATMs our banking cyber security has been on the shaky side. Or even further back, since credit cards (i.e. when “cyber” was a prefix to things ‘cybernetic’, in use only among some mathematicians, computer scientists and system theorists). Or even since checks (with your signature on them, a forger can, potentially, have a really good time with a little bit of work, same as with credit card slips). So, unfortunately, being careful and practicing good online hygiene are highly advisable, but not infallible strategies. Nothing you did not know already, but I just felt like putting it down here in so many words.

    • #237185 Reply

      anonymous

      Just a Reminder ( In yes an old thread) But as ESET product detection graphics shows this is on the rise.

      https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/

      As noted in the article is the downloads that might be used involve Office 365 Programs

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Emotet Malware Alert: US-CERT TA18-201A

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.