Google Chrome users have been warned their credit card details are at risk, thanks to an infamous and dangerous piece of malware which is now targeting the market-leading browser. Security experts at Proofpoint have discovered the notorious Emotet malware is trying to steal sensitive financial information from Chrome users. The Emotet malware was first discovered in 2014, and while it started life as a banking trojan it has evolved into one of the most dangerous pieces of malware around.
The malware can spread from computer to computer easily and can evade traditional antivirus software, thanks to subtle coding tweaks that are introduced regularly.
It is estimated that Emotet has caused millions of pounds' worth of damage in total throughout its history.
Emotet is typically spread through email scam campaigns, and besides loading malware that targets banking apps it can also be used for ransomware attacks.
Highlighting the new danger to Chrome users, Proofpoint’s Threat Insight team said: “On June 6th, Proofpoint observed a new #Emotet module being dropped by the E4 botnet. To our surprise it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader.”
The new threat specifically targets Chrome users that saved credit card information to their profile.
As always with malware threats, there are a few pieces of good practice you can put into place today to help keep you safe from this threat and others of its kind.
Firstly, Emotet is widely distributed via dangerous emails, so always be careful about which messages you click on in your inbox, whether you use Gmail, Hotmail, Outlook or another email provider.
And if you do end up clicking on such a message by accident, be very careful of any attached files or links directing you to external websites.
You can usually spot a scam a mile off by double-checking a few things. Scam messages will usually have typos or grammatical errors you wouldn’t usually find in messages from reputable organizations.
Also, if you have received a message and you're not sure whether it is legitimate, double-check the sender’s email address.
If the email is genuine, it should be sent from an official domain name. If it’s sent from a Gmail account or a domain that looks legit but isn’t quite the same as the official one then alarm bells should be ringing.
If you carry out all of these checks but still aren’t sure, you can always contact the organization in question to clarify whether the email you received is genuine.
While this will take a bit of extra time, it will save you far more than the time you would lose to stress, or the money that could be stolen, if you did fall victim to such a scam.
And given how dangerous Emotet is, you will want to make sure you do all you can to avoid it at all costs.
Speaking previously, Europol described Emotet as the ‘world’s most dangerous malware’.
The European law enforcement agency said: “EMOTET has been one of the most professional and long lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years. The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorized access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware.”