Emotet malware gang re-emerges with Chrome-based credit card heistware

The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser. Once the data – including the user's name, the card's numbers and expiration information – is exfiltrated, the …

  1. Pascal Monett Silver badge

    "they came back in full force"

    The only thing they're doing is relying on user stupidity.

    Granted, there's apparently an ocean full of that, but when users will finally understand that you don't open mails from someone you've never heard from, their attack vector will go dry.

    I give it another 10,000 years.

    1. Version 1.0 Silver badge

      Re: "they came back in full force"

      It's not just "user stupidity" ... companies and organizations are busy sending emails via lots of other sources, talk to someone you've worked with (.edu, .com, .gov domain) and then get an order in an HTML attachment from a totally different domain that you have to visit to accept the order.

      So much is busy making everything easy to use, not safe.

      1. ThatOne Silver badge
        Flame

        Re: "they came back in full force"

        True, and even worse, companies and institutions worldwide are actively training users to be more gullible and trusting, and to fall for simple if not primitive scams.

        Banks sending emails less credible than your average phishing campaign are a good example of this. People are actively trained to not be wary of scams.

    2. Andy The Hat Silver badge

      Re: "they came back in full force"

      User stupidity is a user clicking on a link in an email from Seyor Moneyov with a link to givus.yourmoney.com

      Lack of user experience results in email clients opening in full preview modes and executing whatever crap is embedded in it (hell why do I still see this as a thing in 2022?)

      However, why would you regard it as stupid to click on what looks like a regular email from the spoofed email address of your bank which has a full company letterhead and 15 valid embedded links just like a valid one? I received an email which "didn't feel right" but looked genuine ... on investigation it turned out there was just one incorrect character visible in the (long) hover-over link address. More and more companies rely on click-through email linking directly to web portals, it massively increases the target surface for criminals as it increases the risk of making a mistake and clicking the wrong thing ...

      Thousands of people pay utility bills, receive a monthly email request for a meter reading and how many click through the email to provide it? How many people click through on a Screwfix offer? How many look at an eBay email notification? While 'click-through' is the norm, security will not get any better.

  2. Mike 137 Silver badge

    How can a member of front line staff tell?

    "The attacks we have seen hitting Japanese victims are using hijacked email threads and then using those accounts as a launch point to trick victims into enabling macros of attached malicious office documents,"

    If they're essentially masquerading as trusted sources, there has to be a better way to protect than relying on the front line to decide what's legitimate and what's not without the requisite expertise or training. A lot could be done by rigorous examination at the gateway, or even better, by a specialist external proxy service (or even better still, by both). At the simplest level, an email purporting to come from an internal source shouldn't cross the boundary gateway, and that could readily be prevented by technical means.

    The biggest victim-side contributor to this kind of attack succeeding is inadequate security management. Blaming the end user is most commonly just a way of avoiding recognising this massive 'elephant in the office'.
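
The gateway rule described in the comment above (mail claiming an internal sender should not be accepted from outside the boundary), as an added example that is not part of the original thread. The domain `example.com`, the trusted network `10.0.0.0/8`, the function names and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_bytes, policy
from email.utils import getaddresses

# Assumed values: the organisation's own mail domains and the networks
# its own mail servers connect from.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (b"From: IT Helpdesk <helpdesk@example.com>\r\n"
                b"To: staff@example.com\r\nSubject: Invoice\r\n\r\nSee attachment.\r\n")
SAMPLE_SUBDOMAIN = (b"From: payroll@mail.EXAMPLE.com\r\n"
                    b"To: staff@example.com\r\nSubject: Payslip\r\n\r\nOpen me.\r\n")
SAMPLE_EXTERNAL = (b"From: Supplier <orders@supplier.test>\r\n"
                   b"To: staff@example.com\r\nSubject: Order\r\n\r\nHello.\r\n")


def from_domains(raw: bytes) -> set:
    """Return the lower-cased domain of every address in the From header."""
    msg = message_from_bytes(raw, policy=policy.default)
    addrs = getaddresses([str(h) for h in msg.get_all("From", [])])
    return {a.rsplit("@", 1)[1].lower().rstrip(".") for _, a in addrs if "@" in a}


def is_internal(domain: str) -> bool:
    """True for an internal domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def gateway_verdict(raw: bytes, peer_ip: str) -> str:
    """Reject mail that claims an internal sender but arrives from outside."""
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_NETS):
        return "accept"   # handed over by our own infrastructure
    if any(is_internal(d) for d in from_domains(raw)):
        return "reject"   # external peer with an internal From address
    return "accept"       # external sender, external From: other checks apply


if __name__ == "__main__":
    for name, raw in [("spoof", SAMPLE_SPOOF), ("subdomain", SAMPLE_SUBDOMAIN),
                      ("external", SAMPLE_EXTERNAL)]:
        print(name, gateway_verdict(raw, "203.0.113.7"))
```

This covers only the internal-sender case named in the comment; a reply sent from a hijacked external account, as in the quoted attacks, still passes this check and needs attachment and macro controls.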
