Emotet malware: Pakistan government organizations and citizens under threat of dangerous hacking groups

The Pakistan Telecommunication Authority (PTA) has warned government organizations and citizens that dangerous hacking groups are using malware with evolving techniques to steal information.

The authority has issued an advisory stating that the ‘Emotet’ malware is being used by some hacking groups with evolving techniques to avoid detection. The malware is delivered through generic lures with weaponized attachments that initiate the attack chain.

According to the advisory, the said malware is acting as a conduit for other dangerous malware such as Bumblebee and IcedID. It reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year and has been distributed via phishing emails.

Emotet, which is attributed to the cybercrime group tracked as TA542, has evolved from a banking trojan to a malware distributor since its first appearance in 2014. The malware-as-a-service (MaaS) is modular, capable of deploying an array of proprietary and freeware components that can exfiltrate sensitive information from compromised machines and carry out other post-exploitation activities.

Recent campaigns involving the malware have leveraged generic lures with weaponized attachments to initiate the attack chain. But with macros becoming an obsolete method of payload distribution and initial infection, the attacks have latched on to other approaches to sneak Emotet past malware detection tools.

With the newest wave of Emotet spam emails, the attached XLS files have a new method for tricking users into allowing macros to download the dropper. In addition to this, new Emotet variants have now moved from 32-bit to 64-bit, as another method for evading detection.
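Two details above matter for mail-gateway triage: the lure arrives as a spreadsheet that carries a VBA project, and the dropped payload may now be a 64-bit executable, so a rule that only looks for 32-bit binaries misses it. The following added example (not code from the PTA advisory or any vendor) classifies an attachment by its container type, flags a VBA project in either a legacy OLE2 .xls or an OOXML .xlsm, and reads the PE Machine field to report bitness; the sample files at the bottom are constructed stubs, not real Emotet artefacts, and the quarantine policy is an assumed one.

```python
import io
import struct
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .xls/.doc (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                            # OOXML .xlsx/.xlsm is a zip container
PE_MACHINE = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def classify_attachment(data: bytes) -> dict:
    """Return container type, whether a VBA project is present, and PE bitness."""
    info = {"container": "unknown", "has_vba": False, "pe_bitness": None}
    if data.startswith(OLE_MAGIC):
        info["container"] = "ole2"
        # OLE directory entries hold stream names as UTF-16LE; a VBA project always
        # contains a stream named "_VBA_PROJECT". Raw search is a cheap heuristic.
        info["has_vba"] = "_VBA_PROJECT".encode("utf-16-le") in data
    elif data.startswith(ZIP_MAGIC):
        info["container"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        info["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    elif data.startswith(b"MZ") and len(data) >= 0x40:
        info["container"] = "pe"
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
            info["pe_bitness"] = PE_MACHINE.get(machine, f"other (0x{machine:04x})")
    return info

def should_quarantine(info: dict) -> bool:
    """Assumed gateway policy: hold macro-bearing spreadsheets and any PE, 32- or 64-bit."""
    return info["has_vba"] or info["container"] == "pe"

# --- constructed samples for demonstration (not real malware) ---
def sample_xlsm_with_macro() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

def sample_pe(machine: int) -> bytes:
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)            # 64-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)             # e_lfanew -> PE header at 0x40
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine) + b"\x00" * 18

if __name__ == "__main__":
    ole_sample = OLE_MAGIC + b"\x00" * 8 + "_VBA_PROJECT".encode("utf-16-le")
    for name, blob in [("xlsm", sample_xlsm_with_macro()), ("xls", ole_sample),
                       ("pe32", sample_pe(0x014C)), ("pe64", sample_pe(0x8664))]:
        print(name, classify_attachment(blob), should_quarantine(classify_attachment(blob)))
```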

PTA has asked government organizations and officials to remain alert about unsolicited emails, especially those with attachments or links, and not to open attachments or click on links from unknown or untrusted sources.

The advisory has suggested that government organizations keep software and operating systems up to date, apply security patches as soon as they become available, and use updated anti-virus and anti-malware software. Furthermore, important data should be regularly backed up with multiple copies.

Firewalls and intrusion detection/prevention systems should be used to protect networks. Employees should be educated about safe computing practices, such as not downloading files from unknown sources, not providing personal information, and not opening attachments or clicking on links in email messages from unknown senders.