“In fact, 2013 saw almost a million new banking malware variants—double the volume of the previous year. The rise of banking malware continued into this year, with new malware and even new techniques.” states Joie Salvio, Threat Response Engineer at Trend Micro.
The banking malware EMOTET was spread with a classic email spam campaign, attackers try to deceive the banking customers letting them into believing that the malware is a legitimate shipping invoice sent by the bank.
“Users who receive these emails might be persuaded to click the provided links, considering that the emails refer to financial transactions.” states Trend Micro.
The spammed email includes a link that must be clicked by the targeted users to allow malware get installed. Once installed the malware download further components, including DLL and configuration files that contain information about the targeted banks.
“When injected to a browser, this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file. If strings match, the malware assembles the information by getting the URL accessed and the data sent. The malware saves the whole content of the website, meaning that any data can be stolen and saved.EMOTET can even “sniff” out data sent over secured connections through its capability to hook to the following Network APIs to monitor network traffic:”
“As EMOTET arrives via spammed messages, users are advised not to click links or download files that are unverified. For matters concerning finances, it’s best to call the financial or banking institution involved to confirm the message before proceeding.” suggests Trend Micro.