Due to the insecure nature of how they are stored and the numerous malware families that are built to steal them, storing sensitive pieces of information (such as passwords or credit card numbers) in web browsers is not recommended. Instead, it is much better to store them in something like a password manager if storage is required. This can help prevent malware from infecting a system and easily extracting sensitive material from the user. Since Emotet is mostly delivered via phishing emails, it is important to maintain proper email security controls to help prevent malicious items from reaching end users. This would include such things as AV scanning and attachment sandboxing or filtering. If a phishing email does reach an end user’s system, it is important to have proper endpoint security controls configured as well. This includes not only preventative measures, but detective as well. Activity performed by Emotet during both infection and post-infection can be monitored for and alerted upon. Behavior like powershell.exe spawning a regsvr32.exe or rundll32.exe process, regsvr32.exe or rundll32.exe making abnormal network callouts, or suspicious Run Registry keys being created are all behaviors that can be alerted upon. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs.

https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/