According to ZDNet, “A notorious malware campaign is targeting banks and financial institutions in the US and the UK with cyber attacks that are not only destructive in their own right, but could also be used as the basis for future intrusions by other hackers”.
There has been a spike in phishing activity recently. This phishing campaign is stealthily distributing Emotet, malware that was earlier a banking trojan but has now evolved into a botnet. The operators of this botnet are leasing out its capabilities to people who want to spread their own malware and plant a backdoor on other machines.
A phishing email normally tricks people into revealing confidential information such as usernames, passwords, credit card data, etc. It can also lure people into clicking an attachment that helps plant malware on the system. Many username databases are available on the darknet, and these are normally used to send the emails.
A trojan is effectively a backdoor into a machine, and through this backdoor a criminal gets remote access to the machine. With this access the criminal tries to escalate privileges. Once the criminal has the required privileges, he can control the system.
A botnet is a collection of internet-connected devices whose security has been breached and which are controlled by a third party (the criminal).
This phishing campaign is spreading the Emotet trojan. Because Emotet has evolved into a botnet, an infected system also becomes part of the botnet and can be used to spread malware to other systems. Emotet then starts gathering sensitive information. This can be anything from customers' bank account details and credit card details to important business documents, etc.
The campaign sends fake invoices as Microsoft Word documents and tricks the target into enabling macros. Once macros are enabled, the document installs Emotet on the machine.
Theta432 can help your organization through a proactive model of security awareness training with simulated Advanced Virtual Attacks.