Sign up to our newsletter
Microsoft has warned of a new variant of a banking malware that appears to be targeting German speakers, according to PC World.
The malware is a variant of Emotet, which can detect banking credentials over encrypted HTTPS connections, tapping into eight network APIs. This latest version seems to be targeting predominantly German users for the time being, according to HeungSoo Kang of Microsoft’s Malware Protection Center.
IT World claims that the malware is spread through spam email messages, which contain either a link to a website hosting the malware, or a PDF document icon which is actually the malicious content. As with similar spam campaigns, the email tries to draw attention to itself by purporting to be a claim, a phone bill, an invoice from a bank or a message from PayPal. Unfortunately, the emails can be difficult to filter out, as the messages come from real, legitimate email addresses, rather than fake accounts.
Writing on the Malware Protection Center blog, Kang wrote that on infected machines, the family of malware can “also steal email account user names and passwords from installed email or messaging software.” The malware has apparently been witnessed attempting to extract usernames and passwords from the likes of Gmail Notifier, Google Talk, Mozilla thunderbird, Windows Live Messenger, various versions of Outlook, Windows Live Mail and Yahoo! Messenger, amongst others. Stolen information is sent back to its command and control server, where the malware is sent spread further using spam email.
“We are closely monitoring this and related threats using the telemetry we receive from our customers, which allows us to respond faster and remediate more effectively,” Kang concluded.
Author Alan Martin, ESET