A new variant of Emotet trojan that leverages a new POST-infection traffic technique has been discovered recently. The malware variant is tracked as Trojan.W97M.POWLOAD and spreads via phishing emails.
How does it propagate - According to researchers from Trend Micro, the new sample spreads via spam email with the help of the trojan downloader Powload. The email carries a malicious ZIP file which, if opened, results in the download of the malware. To open the file, the victim must enter the 4-digit password included in the email.
What’s the change in POST-infection traffic - Unlike the previous version, the new variant uses random words and numbers as the URI directory path in order to evade detection.
“Apart from the URI path, the data in the HTTP POST message body has also changed. Previous Emotet samples typically used an HTTP GET request to send victim information to the C&C server, and the data is stored in the Cookie header. The data was encrypted using an RSA key, AES, and then encoded in Base64 before being added to the Cookie value,” the researchers explained.
Worth noting - An investigation of open ports and services reveals that this new variant of Emotet is using vulnerable internet-connected devices as the first layer of its C2 infrastructure. The vulnerable devices include routers, IP cameras, web servers and more.
“This first layer serves as a proxy that redirects victims to the real Emotet C&C servers, adding another layer of complexity in C&C server communication to make it more difficult to track down the actors behind the Emotet operations. Moreover, compromising vulnerable devices gives them additional resources that they can use for other malicious purposes,” the researchers noted.
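The traffic pattern described above (an HTTP POST to a compromised device acting as a first-layer proxy, with a URI path made of bare words and numbers) can be turned into a triage heuristic over outbound proxy logs. This is an added example, not code from the article or from Trend Micro: the log format, the addresses and the assumption that first-layer devices are reached by IP literal rather than by hostname are all constructed for illustration.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample outbound-proxy log lines (not from the article): "<method> <url>".
SAMPLE_LOG = """\
POST http://203.0.113.10/wkqzpl/8a3f1b/
POST http://203.0.113.10:8080/ranqv/17425/
GET http://203.0.113.10/images/logo.png
POST https://api.example.com/v1/login
GET http://198.51.100.7/
"""

# A path segment is a bare "word or number": letters and digits only, no extension.
PLAIN_SEGMENT = re.compile(r"^[a-z0-9]+$", re.I)


def is_ip_literal(host: str) -> bool:
    """True when the host part is a raw IP address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_powload_c2(method: str, url: str) -> bool:
    """Heuristic (assumption, not a published signature): an HTTP POST to an
    IP-literal host whose URI path consists only of bare word/number segments."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    return (
        method.upper() == "POST"
        and is_ip_literal(parts.hostname or "")
        and bool(segments)
        and all(PLAIN_SEGMENT.match(s) for s in segments)
    )


def flag_suspicious(log_text: str) -> list:
    """Return the log lines matching the heuristic, for analyst triage."""
    hits = []
    for line in log_text.splitlines():
        method, url = line.split(maxsplit=1)
        if looks_like_powload_c2(method, url):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print("suspicious:", hit)
```

Legitimate POSTs to IP-addressed internal services will also match, so treat hits as candidates for review against an allow-list rather than as verdicts.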
You may think it’ll never happen to you. You read the news, hear stories about a friend of a friend, but you never think that you’ll become a cautionary tale; that’s where you’re wrong.
Reach out to your IT team immediately.
Companies are struggling to fend off cyber attacks as hackers get faster, sneakier and more creative.
A lot more than initially stated
“Since you’ve installed Smart PSS AI Cameras at The Masters, Security here has been able to perform our job more efficiently! From catching dog walkers going through the Front Lobby, catching smokers on the property, to being able to talk to people parked in our roundabouts! This has made it easier to catch infractions and interact with people. The camera’s AI has helped a lot as well, with automated messages being given out to people idling in our roundabouts; I’ve noticed people turn around and look at the camera and then move their car after hearing the custom pre-recorded message of my voice, which I feel gets more attention than a robotic voice. The system was easy to understand, from setting up new or editing “No Parking” zones to recording and finding footage. I’ve had no difficulty in operating this system!”
“I recently engaged TL Skynet to install new Artificial Intelligence (A.I.) cameras on all exterior Lobby Entrances of the condominiums I manage in Toronto. The cameras were recommended by TL Skynet to address the particular security needs facing these condos. Their unique solution not only addressed these security issues, but the product itself far exceeded expectations in performance and reliability. The team at TL Skynet were hands on during the installation and instruction process, making the new system's implementation seamless. Multiple instruction sessions were provided by TL Skynet that were straightforward and easy to understand. Assistance has always been provided in a timely manner, addressing the issue or providing an alternative solution, thus preventing any loss of data or business operations due to downtime. There is no other company I would trust with the corporation's security and IT needs than TL Skynet.”