New Emotet Module Steals Emails

Emotet, a trojan that has proliferated in 2018, has added a module that steals victims' emails going back six months; previously, Emotet only stole email address contacts from victims. The new module is downloaded from the trojan's C2 server after a system has been compromised, so it can be pushed to victims already infected with Emotet. The information gathered through this module allows the threat actors to expand their operations and impact and to make their targeting more successful.

The NJCCIC recommends that users and administrators review the Kryptos research blog and the NJCCIC threat profile on Emotet. Additionally, we strongly encourage educating end users about this and similar threats and reminding them never to click on links or open attachments delivered with unexpected or unsolicited emails, including those from known senders. If an Emotet infection is strongly suspected but your anti-virus solution cannot detect or remove it, consider reimaging the affected system's hard drive. Also, proactively monitor and change passwords for any financial, personal, and business accounts, as well as administrative and domain controller accounts accessed from infected systems, and enable multi-factor authentication where available.
