Emotet botnet infects victims' systems with a new credit card stealer

 


The infamous Emotet botnet is infecting victims' systems with a new module. This module steals credit card details exclusively from the Chrome web browser. Researchers from cybersecurity company Proofpoint observed the new Emotet component on June 6.

Interestingly, the credit card stealer sends the collected data to a different remote command-and-control server, not the one that loads the module.

The Emotet malware was created in 2014 and has since evolved into a botnet under the control of the Mummy Spider hacking group. In January 2021, the Emotet infrastructure was disrupted in a law enforcement operation. German authorities even used it to distribute a cleaning module, which removed the malware from the infected systems.

Despite all the efforts of law enforcement agencies, Emotet resurfaced in November 2021, and its malicious activity spiked in March 2022. According to Check Point, as of April 2022, Emotet was the most popular malware. At the time, the malware operators were testing out new delivery methods using OneDrive URLs and PowerShell in .LNK attachments in order to bypass Microsoft's macro restrictions.

Since its return, the malware has mainly targeted Japan, Italy, and Mexico.
