Emotet Botnet Targets Google Chrome Users

A new module reads credit card data from Chrome user profiles. It has been circulating for a few days.

Researchers from Proofpoint have analyzed a new campaign from the Emotet botnet. It uses a new module capable of extracting credit card data from Chrome users’ profiles, BleepingComputer reports.

“On June 6, Proofpoint observed a new Emotet module spread by the E4 botnet,” the Proofpoint Threat Insights team announced. “To our surprise, it was a credit card thief that exclusively targeted the Chrome browser. Once the card data was collected, it was transferred to command servers other than the module loader.”

The Emotet botnet is under continuous development by its operators. For example, researchers from Cryptolaemus had already noticed in April that Emotet had switched from 32-bit to 64-bit modules; after that change the botnet’s activity also increased significantly.

Shortly afterwards, Emotet also switched to LNK (Windows shortcut) files as its delivery vehicle: the shortcut launches PowerShell with an embedded command that downloads and runs the malware on the victim’s machine. Previously, the operators had relied primarily on Office macros, which Microsoft began blocking by default in early April for documents downloaded from the internet.
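A defender’s first question about the shortcut-based delivery described above is how to spot it in process telemetry. The following is an added example, not code from the article or from Proofpoint or Cryptolaemus: a heuristic over Sysmon-style process-creation events that flags PowerShell started by Explorer (which is what launching a .lnk looks like, since the shortcut file itself does not appear in the event) together with the command-line flags loaders typically use. The flag list, the event records and the process IDs are all constructed for the example, not taken from an Emotet sample.

```python
import re

# Flags commonly combined in shortcut-launched PowerShell loaders. This is an
# assumed heuristic for the example, not a signature published by the
# researchers cited in the article.
ENCODED_FLAG = re.compile(r"(?<![\w-])-(?:e|ec|enc|encodedcommand)\b", re.IGNORECASE)
HIDDEN_WINDOW = re.compile(r"(?<![\w-])-w(?:indowstyle)?\s+hidden\b", re.IGNORECASE)
POLICY_BYPASS = re.compile(r"(?<![\w-])-(?:ep|executionpolicy)\s+bypass\b", re.IGNORECASE)
NO_PROFILE = re.compile(r"(?<![\w-])-nop(?:rofile)?\b", re.IGNORECASE)


def _basename(path):
    """Lower-case file name of a Windows path (accepts either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event):
    """Return the reasons this process-creation event looks like a
    shortcut-launched PowerShell loader; an empty list means no finding."""
    if _basename(event["Image"]) not in ("powershell.exe", "pwsh.exe"):
        return []
    # A .lnk opened by the user is resolved and launched by Explorer, so the
    # parent is explorer.exe rather than a console, the task scheduler or a
    # service host. A plain interactive console also has this parent, so the
    # parent alone is not enough; we additionally require loader-style flags.
    if _basename(event["ParentImage"]) != "explorer.exe":
        return []
    cmd = event["CommandLine"]
    reasons = []
    if ENCODED_FLAG.search(cmd):
        reasons.append("base64-encoded command")
    if HIDDEN_WINDOW.search(cmd):
        reasons.append("hidden window")
    if POLICY_BYPASS.search(cmd):
        reasons.append("execution policy bypass")
    if NO_PROFILE.search(cmd):
        reasons.append("profile suppressed")
    return reasons


def scan(events):
    """Run score_event over a batch and keep only the hits as (pid, reasons)."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append((event["ProcessId"], reasons))
    return hits


# Constructed sample events in the shape of Sysmon Event ID 1 fields.
# The base64 payload below is a meaningless placeholder, not real shellcode.
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -w hidden -nop -enc QQBCAEMA"},
    {"ProcessId": 4188,                                # user opened a console
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
    {"ProcessId": 4300,                                # scheduled task, not Explorer
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    {"ProcessId": 4412,                                # not PowerShell at all
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c dir"},
]


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {', '.join(reasons)}")
```

Only the first event is reported; the interactive console and the scheduled task are left alone. If a shortcut targets cmd.exe, which then starts PowerShell, the parent is cmd.exe with explorer.exe one level up, so in a real deployment the parent check should walk one more step up the process tree rather than match explorer.exe directly.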

The Emotet malware has been active since early 2014. It started out as a banking Trojan and was gradually developed into a botnet. Today the botnet delivers malware modules with different functions: stealing user data, reconnoitring compromised networks, or dropping further Trojans such as Qbot and TrickBot. Those in turn are used to deploy ransomware such as Ryuk or Conti.

In early 2021, law enforcement agencies from several countries dealt a coordinated blow to Emotet’s infrastructure, and two suspected members of the Emotet group were arrested. German law enforcement later used the seized infrastructure to push its own module to infected systems, which uninstalled Emotet from them.