Mystery actor disrupts Emotet malware distribution botnet


Security researchers are watching an unknown actor compromise the infrastructure of the Emotet malware delivery botnet, disrupting the criminals' operations in the process.

Microsoft cybersecurity researcher Kevin Beaumont wrote that someone is currently replacing the malware files distributed by Emotet with animated GIF images.

The images include one of Hackerman, who starred in the internet cult classic Kung Fury.

Beaumont discovered last year that the Emotet gang used a very insecure payload distribution method.

The Emotet criminals store the malware files that users are tricked into executing on hacked WordPress sites.

To manage the distribution of the malware, the gang leaves an open source webshell application on those sites for access and control.

“Their passwords and techniques for this are known. The net impact is anybody can replace their payloads,” Beaumont said.

Around a quarter of all Emotet-distributed malware payloads have been replaced in an automated fashion, Beaumont and other researchers estimate.

Instead of the malware executing when users click on links in phishing emails, an animated GIF is displayed in the user's browser.

Currently, there’s no indication as to who is disrupting the Emotet operation.

Beaumont speculated that it might be the Emotet criminals themselves, other threat actors trying to sabotage the botnet, or security researchers.

While acknowledging that Emotet is being directly impacted by the attack, Beaumont cautioned that anybody could just as easily replace the payloads with other, less detectable malware.
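The two points above (a link that used to serve a dropper now serves a GIF, and the caveat that the same hole lets anyone serve something else) suggest a simple defender-side check: fetch what an Emotet distribution URL is actually serving and classify it by file signature rather than trusting the file extension or the Content-Type header of a hacked site. The following is an added example, not code from the article or from the researchers it quotes. It assumes the payloads have already been fetched (the sample bytes below are constructed inline, not real Emotet artifacts) and only decides what kind of file each one is.

```python
"""Triage what a malware-distribution URL is currently serving.

Added example (not the article's code). Classifies fetched payload bytes by
magic signature so a defender can tell a replaced GIF from a still-live
dropper, and flag anything unexpected for manual review.
"""
from dataclasses import dataclass
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_LOCAL_HEADER = b"PK\x03\x04"                  # OOXML (.docm etc.) are zips


@dataclass
class Verdict:
    kind: str          # gif | pe | ole_document | ooxml_document | zip | html | unknown
    detail: str
    suspicious: bool   # True for anything that could still be a dropper


def classify_payload(data: bytes) -> Verdict:
    """Return a Verdict for raw payload bytes based on file signatures."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        if len(data) >= 10:
            width, height = struct.unpack("<HH", data[6:10])  # logical screen size
            detail = f"{data[:6].decode()} {width}x{height}"
        else:
            detail = "truncated GIF header"
        return Verdict("gif", detail, suspicious=False)

    if data[:2] == b"MZ":
        # A real PE has e_lfanew at 0x3C pointing at the "PE\0\0" signature.
        if len(data) >= 0x40:
            pe_off = struct.unpack_from("<I", data, 0x3C)[0]
            if data[pe_off:pe_off + 4] == b"PE\0\0":
                return Verdict("pe", f"PE header at 0x{pe_off:x}", suspicious=True)
        return Verdict("pe", "MZ stub without a valid PE header", suspicious=True)

    if data[:8] == OLE2_MAGIC:
        return Verdict("ole_document", "OLE2 compound file", suspicious=True)

    if data[:4] == ZIP_LOCAL_HEADER and len(data) >= 30:
        # Local file header: filename length at offset 26, name starts at 30.
        name_len = struct.unpack_from("<H", data, 26)[0]
        first_name = data[30:30 + name_len]
        if first_name == b"[Content_Types].xml":
            return Verdict("ooxml_document", "Office Open XML package", suspicious=True)
        return Verdict("zip", f"zip, first entry {first_name!r}", suspicious=True)

    if data.lstrip()[:1] == b"<":
        # Hacked WordPress hosts often answer with an error or login page.
        return Verdict("html", "HTML/XML text, not a binary payload", suspicious=False)

    return Verdict("unknown", f"unrecognised signature {data[:4]!r}", suspicious=True)


def triage(samples: dict[str, bytes]) -> dict[str, Verdict]:
    """Classify a mapping of url-or-name -> fetched bytes."""
    return {name: classify_payload(blob) for name, blob in samples.items()}


def summarize(verdicts: dict[str, Verdict]) -> dict[str, int]:
    """Count verdicts per kind, e.g. to see how many links now serve a GIF."""
    counts: dict[str, int] = {}
    for v in verdicts.values():
        counts[v.kind] = counts.get(v.kind, 0) + 1
    return counts


def replaced_fraction(verdicts: dict[str, Verdict]) -> float:
    """Fraction of fetched payloads that have been swapped for a GIF."""
    if not verdicts:
        return 0.0
    return sum(v.kind == "gif" for v in verdicts.values()) / len(verdicts)


# Constructed sample payloads (minimal headers only, NOT real malware).
SAMPLES: dict[str, bytes] = {
    "hackerman.gif": b"GIF89a" + struct.pack("<HH", 480, 270) + b"\x00\x00\x00;",
    "invoice.doc": OLE2_MAGIC + b"\x00" * 24,
    "invoice.docm": (ZIP_LOCAL_HEADER + b"\x00" * 22
                     + struct.pack("<HH", len(b"[Content_Types].xml"), 0)
                     + b"[Content_Types].xml"),
    "update.exe": b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0",
    "index.html": b"<!DOCTYPE html><html><body>404</body></html>",
}

if __name__ == "__main__":
    results = triage(SAMPLES)
    for name, verdict in results.items():
        flag = "SUSPICIOUS" if verdict.suspicious else "benign"
        print(f"{name:14} {verdict.kind:15} {flag:10} {verdict.detail}")
    print("per-kind counts:", summarize(results))
    print(f"replaced with GIF: {replaced_fraction(results):.0%}")
```

The point of checking the PE and zip internals rather than the first bytes alone is the caveat from the article: a payload that is neither a GIF nor one of the expected dropper formats is the interesting case, so anything unrecognised is flagged rather than silently treated as harmless.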

Emotet had been quiet for several months until recently when Microsoft Security Intelligence noted the botnet had resurfaced with a massive email campaign.

The botnet is believed to have distributed the malware used to attack 19 organisations in Australia last year.

