Report: Emotet makes phishing lures more convincing by scraping victims’ emails
Researchers from phishing protection company Cofense say that an active botnet spreading the Emotet banking trojan has significantly upgraded its ability to spoof financial organizations with convincing phishing lures. The U.S. Computer Emergency Readiness Team (US-CERT) describes Emotet as “an advanced, modular banking Trojan” that is “among the most costly and destructive malware” for both public and private organizations. In a report published Tuesday, Cofense says it has observed Geodo — another name for Emotet — using an new scraping feature that makes its better at impersonating organizations. The feature lifts templates stolen from infected victims, then uses the templates to upgrade its phishing campaigns a with credible aura of a financial institution, according to the report. Previously known capabilities of Emotet’s spamming module include the ability to steal contact lists and email signatures, Cofense says. But in this campaign, researchers say there’s the added capability to scrape up to 16 […]
The post Report: Emotet makes phishing lures more convincing by scraping victims’ emails appeared first on Cyberscoop.
Continue reading Report: Emotet makes phishing lures more convincing by scraping victims’ emails