Microsoft has warned about two strains of banking trojan that can silently infect computers, steal login details and drain victims' accounts.
The threats are called Qakbot and Emotet and they are known as “information stealers”. While technically separate, the trojans share some important behavioural similarities.
A security blog post published on 6 November reports that some of the new strains in use have worm-like capabilities that let them spread quickly across an infected network.
Additionally, both variants can log a victim's keystrokes, send files to the attackers' command-and-control server, and hijack browser cookie and certificate data.
The worm functionality, adopted after the WannaCry ransomware outbreak in May, was spotted by SophosLabs in August. Both trojans have essentially evolved into effective tools for financial cybercrime.
“Over the years, the cybercriminals behind Qakbot and Emotet have improved the code behind their malware,” the experts said. “They have evolved to evade detection, stay under the radar longer, and increase the chances of spreading to other potential victims.”
According to the analysis covering January to August this year, the Qakbot and Emotet trojans were getting better at reaching their targets. At the start of 2017, Emotet infections were minimal, under 5,000 detections; yet in August Microsoft encountered the malware on computers more than 15,000 times.
Security researchers found that, like WannaCry, the malware can abuse the Windows Server Message Block (SMB) protocol to “drop copies” of itself onto other computers on the same network.
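The worm-like SMB spread described above leaves a recognisable footprint: one internal host opening TCP/445 connections to many distinct peers in a short time. The following detection logic is an added example, not code from Microsoft or Sophos; the log format and the sample records are constructed for illustration.

```python
"""Flag hosts that fan out over SMB (TCP/445) to many distinct peers within a
short window, the pattern a worm dropping copies onto neighbours produces.

Constructed record format (hypothetical): "<epoch_seconds> <src_ip> <dst_ip> <dst_port>".
"""
from collections import defaultdict

SMB_PORT = 445

# Constructed sample of connection records; not real telemetry.
# 10.0.0.5 reaches six distinct SMB peers in six seconds (suspicious);
# 10.0.0.7 reaches a single SMB peer twice plus one HTTPS connection (normal).
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.0.20 445
1001 10.0.0.5 10.0.0.21 445
1002 10.0.0.5 10.0.0.22 445
1003 10.0.0.5 10.0.0.23 445
1004 10.0.0.5 10.0.0.24 445
1005 10.0.0.5 10.0.0.25 445
1500 10.0.0.7 10.0.0.10 445
1501 10.0.0.7 10.0.0.10 445
1502 10.0.0.7 10.0.0.11 443
"""


def parse_records(text):
    """Yield (timestamp, src, dst) for SMB connections only; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        ts, src, dst, port = parts
        if int(port) == SMB_PORT:
            yield int(ts), src, dst


def smb_fanout(text, window=60, threshold=5):
    """Return {src: max_distinct_peers} for sources that contacted at least
    `threshold` distinct SMB peers inside any sliding window of `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_records(text):
        by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide window start
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged


if __name__ == "__main__":
    for host, n in smb_fanout(SAMPLE_LOG).items():
        print(f"{host}: {n} distinct SMB peers within 60s, possible worm-like spread")
```

Tune `window` and `threshold` to the environment: file servers and backup hosts legitimately talk to many SMB peers and belong on an allow-list rather than in the alert.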
“The threat to information is greater than ever,” Microsoft warned, citing statistics indicating that home internet users make up a large share of the attackers' targets.
In 2014, Trend Micro defined Emotet as a major banking Trojan threat. The cybersecurity expert Joie Salvio wrote: “What makes this malware, detected as Emotet, highly notable is that it ‘sniffs’ network activity to steal information.”
Microsoft also released some key tips to keep users protected against the threat:
- Cut off internet access or disconnect the affected computers from the network until cleaned.
- Stop sharing folders that show signs of infection or set shared folders to read-only.
- Practice credential hygiene: remove unnecessary privileges, and disable privileged accounts that have been observed spreading malware over SMB.
- Update all security software on your computer system as soon as possible.