Emotet Takes a Break, but Possibly Not for Long – DigitalMunition


Published on July 9th, 2019


Emotet Takes a Break, but Possibly Not for Long

Check Point’s researchers believe that Emotet’s infrastructure could be offline for maintenance and upgrade operations, and that as soon as its servers are up and running again, Emotet will be reactivated with new, enhanced threat capabilities.

“Emotet has been around as a banking Trojan since 2014. Since 2018, however, we have seen it being used as a botnet in major malspam campaigns and used to distribute other malware. Even though its infrastructure has been inactive for much of June 2019, it was still #5 in our global malware index, which shows just how much it is being used – and it’s likely that it will re-emerge with new features,” said Maya Horowitz, Director, Threat Intelligence & Research at Check Point.

“Once Emotet is installed on a victim’s machine, it can use it to spread itself via further spam campaigns, download other malware (like Trickbot, which in turn infects the entire hosting network with the infamous Ryuk Ransomware), and spread to further assets in the network.”
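The chain described above (mail-delivered loader, secondary payload download, spread to further hosts) is what a detection engineer would want to see as one correlated incident rather than three unrelated alerts. The script below is an added example, not Check Point’s code or any Emotet indicator set: it correlates an ordered stage sequence per host from endpoint telemetry, requiring each stage to follow the previous one within a time window, and reports how far the chain progressed. Every event type, hostname, URL and log line in it is constructed for illustration.

```python
"""Multi-stage infection-chain correlator (added example, not Check Point's code).

Stages mirror the chain described in the article: spam lure executed, loader
downloads a second-stage payload, infected host authenticates to other
machines. Event names, hosts and the sample log are constructed; they are not
real telemetry or vendor indicators.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages; each maps a stage name to the (constructed) event type
# that evidences it in the telemetry.
STAGES = [
    ("delivery", "mail_attachment_executed"),    # spam attachment opened
    ("download", "secondary_payload_download"),  # loader fetches next stage
    ("lateral",  "lateral_smb_auth"),            # spread to further assets
]

# Constructed sample telemetry: "timestamp,host,event_type,detail".
# WS-017 shows a complete chain, WS-042 shows delivery with no follow-up,
# WS-099 shows a download that arrives too long after delivery to count.
SAMPLE_LOG = """\
2019-06-03T09:12:04,WS-017,mail_attachment_executed,invoice_0603.doc
2019-06-03T09:12:40,WS-017,secondary_payload_download,http://203.0.113.10/x.bin
2019-06-03T09:15:22,WS-017,lateral_smb_auth,FS-01
2019-06-03T09:15:25,WS-017,lateral_smb_auth,FS-02
2019-06-03T10:01:00,WS-042,mail_attachment_executed,resume.doc
2019-06-03T16:30:00,WS-042,lateral_smb_auth,FS-01
2019-06-03T11:00:00,WS-099,mail_attachment_executed,statement.doc
2019-06-03T13:00:00,WS-099,secondary_payload_download,http://203.0.113.10/x.bin
2019-06-03T13:00:30,WS-099,lateral_smb_auth,FS-03
"""


def parse_log(text):
    """Parse CSV-style lines into (timestamp, host, event_type, detail), sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, etype, detail = line.split(",", 3)
        events.append((datetime.fromisoformat(ts), host, etype, detail))
    events.sort(key=lambda e: e[0])
    return events


def correlate(events, window=timedelta(hours=1)):
    """Return {host: [(stage, timestamp, detail), ...]}.

    For each host the stages must appear in STAGES order, and each stage must
    occur within `window` of the previously matched stage. Partial chains are
    kept so an analyst can see how far an infection progressed; a gap larger
    than the window stops the chain rather than joining unrelated activity.
    """
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)

    results = {}
    for host, evs in by_host.items():
        chain, next_stage, last_ts = [], 0, None
        for ts, _, etype, detail in evs:
            if next_stage >= len(STAGES):
                break  # chain already complete
            stage, wanted = STAGES[next_stage]
            if etype != wanted:
                continue  # not the stage we are waiting for
            if last_ts is not None and ts - last_ts > window:
                break  # gap too large: treat as a different chain
            chain.append((stage, ts, detail))
            last_ts = ts
            next_stage += 1
        if chain:
            results[host] = chain
    return results


def completed_chains(results):
    """Hosts where every stage was observed in order, sorted by name."""
    return sorted(h for h, c in results.items() if len(c) == len(STAGES))


if __name__ == "__main__":
    res = correlate(parse_log(SAMPLE_LOG))
    for host, chain in sorted(res.items()):
        stages = " -> ".join(s for s, _, _ in chain)
        print(f"{host}: {stages} ({'COMPLETE' if len(chain) == len(STAGES) else 'partial'})")
```

The window and stage list are the knobs worth tuning in practice: a one-hour window between stages matches the article’s description of a loader that immediately fetches its next payload, while a host that only shows the delivery stage is still worth triage, which is why partial chains are returned rather than discarded.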

  • ↑ XMRig – Open-source CPU mining software used to mine the Monero cryptocurrency, first seen in the wild in May 2017.
  • ↑ Jsecoin – JavaScript miner that can be embedded in websites. With JSEcoin, a site can run the miner directly in the visitor’s browser in exchange for an ad-free experience, in-game currency and other incentives.
  • ↓ Cryptoloot – Crypto-miner that uses the victim’s CPU or GPU power and existing resources for crypto mining, adding transactions to the blockchain and releasing new currency. It was a competitor to Coinhive, trying to pull the rug out from under it by taking a smaller percentage of revenue from websites.
  • Lotoor – Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads, but it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
  • Triada – Modular backdoor for Android which grants super-user privileges to downloaded malware and helps it embed itself into system processes. Triada has also been seen spoofing URLs loaded in the browser.
  • Ztorg – Trojans in the Ztorg family obtain escalated privileges on Android devices and install themselves in the system directory. The malware is able to install any other application on the device.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.


    Check Point’s Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html

    Follow Check Point Research via:
    Blog: https://research.checkpoint.com/
    Twitter: https://twitter.com/_cpresearch

    Kip E. Meintzer, Check Point Software Technologies, +1.650.628.2040, ir@checkpoint.com
    Emilie Beneitez Lefebvre, Check Point Software Technologies, +44 7785 38302, press@checkpoint.com
