The Emotet botnet has been seen delivering a credit card stealer module to infected systems as part of its post-compromise activity, according to new reports. The module is designed to harvest credit card information that is stored in Google Chrome user profiles.
The credit card stealer module in question appears to target Google Chrome specifically. Once the credit card information has been extracted from the user’s Chrome profile, the malware sends it back to a command-and-control (C2) server. However, the C2 server that receives the information is different from the one that deployed the card stealer.
Emotet has seen a massive increase in activity since the start of this year, growing more than 100-fold since last year. The malware family will likely continue to evolve and adapt to industry changes and its own shifting goals and priorities.