Emotet variant steals credit card data from Chrome

The Emotet-based credit card stealer targets only Google’s Chrome browser, which over 60% of internet users use.

The infamous Emotet malware is now capable of deploying a new module designed to harvest credit card information stored in the Chrome web browser.

First discovered by researchers at cybersecurity firm Proofpoint on 6 June, the module was dropped by the E4 botnet, one part of Emotet’s infrastructure.

“To our surprise, it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader,” researchers said in a tweet.

Emotet, the invincible

According to Check Point Research, Emotet, an advanced, self-propagating, and modular Trojan, is the most prevalent malware and impacts 6% of organizations worldwide.

The Emotet infrastructure acted as a primary door opener for computer systems. Once unauthorized access to a machine was established, that access was sold to other cybercriminals to exploit further, for example by deploying ransomware.

The criminal empire went silent after its takedown in January 2021 and was largely inactive until November 2021. From then on, Emotet started being delivered as a secondary payload after a PC had been infected with TrickBot malware.

Since its resurgence, Emotet has been increasingly active, with HP Wolf Security reporting a 2,823% increase in Emotet email spam in Q1 of 2022 compared to the previous quarter.

“The malware rose 36 places to become the most popular family in circulation, behind Agent Tesla and Nemucod,” the company said in its Threat Insights Report.