A banking Trojan, dubbed Emotet, first reported in 2014 has returned and is targeting users in the UK with phishing emails bearing documents that install the Trojan onto victims' PCs.
The new variant of the Emotet Trojan appears to be targeting the UK, with more than three-quarters of attacks reported in the UK, according to security software company Zscaler.
The Trojan is spread via phishing emails and, if activated, steals banking credentials and email addresses. It is commonly distributed through documents attached to phishing emails, with what Zscaler describes as highly obfuscated macros that serve payloads to download and install the Trojan onto a victim's machine.
Furthermore, warns Zscaler, there have also been reports that the Trojan can spread via network exploits, presumably using the US National Security Agency exploits 'showcased' in the recent WannaCry and NotPetya malware outbreaks. However, these reports have yet to be confirmed, and Zscaler admits that such features have not yet been identified in the malware.
Emotet first emerged in 2014 when it wreaked havoc in the US and Europe, according to Zscaler, but has re-emerged this year, with the first reports coming in April 2017.
"Emotet is a multi-component malware which specialises in a multitude of nefarious activities, including stealing credentials from browsers and mail clients, banking theft via Man-in-the-Browser attack, email harvesting and propagation through spam emails from infected systems," warns Zscaler in its report.
The code is encrypted to hide the payload from security software: "[It] is decrypted in the memory using a custom algorithm involving 'Base-64 decode' and 'XOR'. A new process is created in suspended mode and the decrypted Emotet binary is written in the address space of this process."
A new process and system service is created in Windows and, once the service is started, a Windows API is invoked to periodically trigger the core malicious code, which is responsible for communicating with the command and control (C&C) servers, sending collected information, and awaiting commands from the server.
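The two unpacking layers Zscaler names, Base64 decoding followed by XOR, are a common combination that analysts routinely reverse when triaging a dropped payload. The following is an added, illustrative example written for this article; it is not code from the Zscaler report and not Emotet's own routine. It assumes a repeating-key XOR applied after Base64 decoding (the real key and the exact "custom algorithm" are not on the page), builds a constructed fake PE header stub as sample input, and shows the analyst-side steps: reverse the layers with a known key, check whether the result looks like a Windows executable, and recover an unknown single-byte XOR key by brute force using that PE check as the oracle.

```python
import base64
import binascii
from typing import Optional

# Assumed repeating XOR key for the demonstration; the real key is NOT on the page.
SAMPLE_KEY = b"k3y"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. XOR is its own inverse, so this
    both applies and removes the layer."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_fake_pe_stub() -> bytes:
    """Constructed sample input: a minimal DOS/PE header skeleton, just enough
    for looks_like_pe() to recognise it. This is NOT a real executable."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"                                   # DOS magic
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")      # e_lfanew -> PE signature
    return bytes(header) + b"PE\0\0" + b"\0" * 20


def pack_sample(payload: bytes, key: bytes) -> str:
    """Constructed packer that applies the two layers in the order the
    analyst must later reverse: XOR first, then Base64 encode."""
    return base64.b64encode(xor_bytes(payload, key)).decode("ascii")


def unpack(blob: str, key: bytes) -> bytes:
    """Analyst-side reversal with a known key: Base64 decode, then XOR."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    return xor_bytes(raw, key)


def looks_like_pe(data: bytes) -> bool:
    """Cheap triage check: a Windows executable starts with 'MZ' and carries a
    'PE\\0\\0' signature at the offset stored in e_lfanew (bytes 0x3C..0x3F)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def guess_single_byte_key(blob: str) -> Optional[int]:
    """Brute-force an unknown single-byte XOR key: decode the Base64 layer,
    try all 256 key bytes and return the one that yields a PE-shaped result,
    or None if no candidate does. Assumed technique, not Emotet's algorithm."""
    raw = base64.b64decode(blob, validate=True)
    for candidate in range(256):
        if looks_like_pe(xor_bytes(raw, bytes([candidate]))):
            return candidate
    return None


if __name__ == "__main__":
    stub = build_fake_pe_stub()
    blob = pack_sample(stub, SAMPLE_KEY)
    print("round-trip with known key ok:", unpack(blob, SAMPLE_KEY) == stub)
    single = pack_sample(stub, b"\x5a")
    print("recovered single-byte key:", hex(guess_single_byte_key(single) or 0))
```

The PE-signature check is deliberately cheap: it is a triage oracle for deciding whether a decoded buffer deserves a full parse, not a validator, and a multi-byte key would need a longer known-plaintext (the whole DOS header) rather than the 256-candidate loop shown here.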