With the strong demand for digital media in this year of the novel coronavirus pandemic, the many cybersecurity issues have become even more evident in recent months.

This has brought back certain threats that appeared a few years ago but were no longer frequently used by cybercriminals. One of them is Emotet, according to an ESET alert this week, and Brazil is one of the countries that has suffered most in Latin America. Learn more below:

What is Emotet?

Emotet was discovered in 2014 as a banking Trojan and over time developed into modular malware, used to download other malicious code onto the victim’s computer.

These changes are reflected in ESET data from November and December 2019, which shows over 27,000 variants detected each month in that period. And that was before the heavy use of the Internet required by social isolation around the world.

Historical

TudoCelular has covered several situations in the past in which Emotet posed a danger to users. One was in November 2018, when it reappeared in force in malicious attachments.

At the time, it was acting in its original role as a banking Trojan, stealing passwords, credit card details and even cryptocurrency.

In March of this year, it was one of the traps used in bogus coronavirus apps to trick users and steal their data, now present in Brazil in Portuguese-language versions.

New threat

In an article on the WeLiveSecurity blog, ESET highlighted considerable growth in Emotet detections in Latin America starting in the second half of 2020. Since July there has been a steady increase in activity, along with the distribution of threats like TrickBot and Qbot.

Over the past seven months, the digital security firm has found a number of websites attacked by Emotet in the region. Brazil is among the most affected, along with Argentina, Mexico, Colombia, Chile and Ecuador. From April to August there was a lull, but the situation in recent months has been more serious.

Brazil among the biggest detections

Looking at detections of the Trojan only in the last three months – August, September and October – it is possible to see how the malware is increasingly present in Latin American countries.

In October in particular, Brazil recorded its highest level of detections and is second only to Argentina.

Distribution by attachments

As in the cases discussed in 2018, Emotet is currently distributed via attachments in phishing emails. The attachment is usually a Word document (.doc), a PDF or a compressed file (.zip).

When one of these infected files is opened, PowerShell commands hidden in the macros run and download the malware, which is then executed. It then creates a folder containing a file in the path shown below:

C:\Users\<username>\AppData\Local\
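The chain just described (an Office document whose macro launches hidden PowerShell, which drops a payload under AppData\Local) is exactly what endpoint process telemetry can catch. The following is an added detection example, not code from the article or from ESET: it runs three simple rules over constructed process-creation events; the field names, sample paths and the dummy encoded command are assumptions.

```python
import re

# Constructed sample process-creation events (parent image, image, command line),
# shaped like a Sysmon/EDR feed. None of these are real captures.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # "-enc QQBBAEEAQQBBAEEA" is just UTF-16LE "AAAAAA", a dummy payload
     "cmdline": "powershell -w hidden -enc QQBBAEEAQQBBAEEA"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -File C:\\scripts\\backup.ps1"},      # benign admin use
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "cmdline": "update.exe"},                                     # not Office-spawned
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Users\alice\AppData\Local\svchost.exe",
     "cmdline": "svchost.exe"},                                    # dropped payload
]

OFFICE_APPS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe")
# Window-hiding and encoded-command switches that macro loaders rely on.
SUSPICIOUS_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|e(?:nc|ncodedcommand)?\s+\S+)")

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the list of rule names the event triggers (empty if it looks benign)."""
    reasons = []
    parent, image = basename(event["parent"]), basename(event["image"])
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        reasons.append("office-spawns-script-host")
        if SUSPICIOUS_FLAGS.search(event["cmdline"]):
            reasons.append("hidden-or-encoded-powershell")
    # Payload executed from the user's AppData\Local tree, launched by an Office app.
    if parent in OFFICE_APPS and "\\appdata\\local\\" in event["image"].lower():
        reasons.append("office-launches-appdata-binary")
    return reasons

def detect(events):
    """Return (event index, reasons) for every event that triggers at least one rule."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]

if __name__ == "__main__":
    for idx, why in detect(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["image"], why)
```

The second event shows why the parent process matters: PowerShell started from Explorer by an administrator is not flagged, only PowerShell started by an Office application.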

Actions in practice

As mentioned above, Emotet ends up using the TrickBot and Qbot trojan families to claim victims. But how do they work in practice? The former focuses on stealing bank account credentials and has since acquired the ability to perform more dangerous functions.

These include obtaining information about devices – such as operating system, programs, user and domain names – stealing credentials from browsers and the Outlook client, using the mimikatz tool to obtain Windows credentials, compromising protocols – such as SMB and LDAP – to spread over the corporate network, and installing other types of malware.

Qbot, meanwhile, is a modular threat with four main actions: stealing passwords, emails and other types of information; installing other types of malware; allowing a connection to the victim’s device to perform banking transactions from its IP address; and using the victim’s email channels to distribute malicious messages.

Reasons for return

It is no coincidence that Emotet has returned. Until August, a kill switch called Emocrash was distributed privately and prevented the Trojan from installing on computers.

Since then, however, cybercriminals have managed to find a loophole and made changes to the source code that allowed them to ‘bypass’ the barrier, although it has not been confirmed that this protective layer was distributed throughout Latin America.

How to protect yourself?

ESET also gave a series of tips for protecting against Emotet, including basic security measures: keeping devices up to date, not opening suspicious email attachments, running tests on the network, and using a reliable antivirus solution.

In addition, specific tips are to disable macros in Office documents – where the Trojans would be installed – and to check your email addresses, domains and computers with dedicated tools. For the first two, there is the website haveibeenemotet. For the PC, there is a free Windows tool called EmoCheck.

Have you ever been a victim of the Emotet Trojan? Have you noticed anything suspicious in the past few months that could contain the threat? Tell us in the space below.