Cybercriminals create a network sniffing malware to reach bank customers
Online banking has made all systems connected and allowed users to purchase products easily. While this is an advantage, such solutions still have disadvantages because of human vulnerabilities. In the last few years, cybercriminals have been focusing on these systems by creating spoofed emails and phishing websites to compromise more users and obtain their credentials.
One of the latest cases spotted by TrendMicro is a new malware that steals victims' credentials and sensitive information by sniffing the compromised network's activity. EMOTET is the name of this malware, which is promoted by a spam campaign in which the fake email tricks the user by referring to a financial transaction for Volksbanken-AG and contains a link to download and install all the malware components.
Sample of the spam message spotted by TrendMicro
According to the TrendMicro post, the targeted customers are those of banks in Germany; this was identified from the email samples and the malware configuration analysis. The malware combines network sniffing with DLL injection for hooking certain processes.
Reversing EMOTET shows that it is similar to other banking trojans in that it looks at the authentication fields, while the network information can give the malware more capabilities to grab information encrypted with HTTPS. At the moment the malware is concentrated in Europe, specifically in Germany, though we may see more samples distributed across cyberspace and in other countries in the future.
If you receive similar spoofed emails, make sure to ignore them and report them as junk email so your security software updates its definitions.