The 'Emotet'malware has been infecting computers for years, but one security firm is warning that it is currently on the rise and your banking credentials could be at risk.
In a fresh advisory, cybersecurity researchers from SophosLabs said they had witnessed a significant surge in Emotet cases recently. The firm described the malware as a type of "worm that takes advantage of weak administrator passwords to spread across a network".
Its purpose is simple: to drop banking malware onto a target's computer and use crafty techniques to steal usernames and passwords relating to bank accounts.
It typically spreads via email spam and phishing, a common tactic used by hackers and cybercriminals.
"Emotet is a Trojan although it also contains the functionality necessary to be classified as a worm," said SophosLabs' researcher Tad Heppner in a blog post.
"The primary distinction is that a Trojan requires some degree of social engineering to trick a human into enabling the spread of the infection whereas a worm can spread to other systems without the aid of a user.
"Even though its core component is not directly a worm, it does have the potential to download and execute another component to spread itself to other systems."
The malware usually comes in the form of a malicious Microsoft Word file that, when opened, downloads Emotet from multiple internet domains hosting the software. According to Sophos, the attackers reacted to its detections by creating new URLs storing the malware.
It remains unclear what countries were targeted in the recent spike of infections, which are aimed at the Windows operating system. The cybersecurity firm also remained vague about the scope of the attacks, failing to provide concrete statistics on the number of victims.
Emotet was first highlighted as a banking Trojan threat by security firm Trend Micro back in 2014. Cybersecurity expert Joie Salvio wrote at the time: "What makes this malware, detected as Emotet, highly notable is that it 'sniffs' network activity to steal information."
Since then, of course, the world has encountered WannaCry which showed just how much damage a computer worm can cause if allowed to spread. One month later, June 2017, Fidelis Cybersecurity said the authors of Emotet would have paid close attention to the malware pandemic.
"The WannaCry and Petya campaigns have clearly demonstrated how inclusion of other techniques like credential dumpers and exploits can greatly accelerate propagation across enterprises," Fidelis experts noted in a blog post. "Crimeware authors have taken note," they added.
All in all, it means that users running Windows, and especially enterprises using the popular operating system (OS), need to be more careful than ever before about the threats caused by worm-like malware. According to SophosLabs, there are a number of key ways to stay protected:
- Stay on top of all patch releases and apply them quickly.
- If at all possible, replace older Windows systems with the latest versions.
- If you receive a Word document by email and don't know the person who sent it, don't open it.
- Block macros in Office documents.
- Lock down file sharing across the network.
- Make sure users do not have default admin access.
- Enforce password best practices.
- Use an anti-virus with an on-access scanner (also known as real-time protection).
- Consider stricter email gateway settings.
- Never turn off security features because an email or document says so.