Watch Out! Emotet Is Stealing Credit Card Data From Chrome Users

A new danger for Chrome users: Emotet steals credit card data! Read how to protect yourself from this aggressive malware!

Jul 5, 2022 - 4 min.
Sebastian Ulbert

Do you also prefer shopping on the internet in the evening or at weekends rather than dragging yourself into town by car, bus or train? If so, you need to be careful: even though many products are cheaper online and quicker to get, the convenience of online shopping can cost you dearly. Cybercriminals are targeting your credit card and bank details! You’re especially at risk if you use the Chrome browser on a Windows system for your online shopping. We’ll show you here how fraudsters operate and how to protect yourself against unpleasant surprises.

Emotet is not the brother of Nefertiti...

...but it’s also entering into the annals of history. It was in 2014 that the malware Emotet first wrought havoc around the world as a banking Trojan by spying on users' online banking data on infected computers. In later versions, additional malware functions were added, including the ability to misuse infected computers to send spam emails. Many security specialists now rank Emotet as one of the most dangerous forms of malware.

A special type of ‘chain letter’

One careless click on a link or dubious email attachment can be enough to infect your computer with Emotet – the Trojan uses particularly insidious methods to spread automatically. Emotet uses ‘Outlook harvesting’ to gather email contacts and message content on infected computers and uses them to spread to more computers. To do this, it sends malicious phishing emails to the addresses of friends or relatives you were recently in contact with, including a seemingly harmless Word document or URL. If a recipient clicks on it, Emotet takes root on their computer too – and continues to spread via email clients such as MS Outlook and other methods.

A master of disguise

Emotet is a polymorphic malware – this means that its code changes each time it’s launched. This makes it difficult for signature-based anti-virus programmes to detect its presence. Emotet’s operators can even update it and equip it with new functions on infected computers – typically to encrypt affected hard drives or servers with ransomware and extort money from users.

In the past, Emotet paralysed entire corporate infrastructures and caused millions in damage. However, cybercriminals have also used their software to steal bitcoin balances or obtain banking access data from private users.

A brief respite: Emotet is dead? No, it lives again!

In early 2021, people thought that Emotet was defeated once and for all. Europol announced that it had dismantled the Emotet infrastructure after more than two years of investigative work. There were also several arrests of cybercriminals in Ukraine. The damage caused by Emotet up to that point was put at around €2.1 billion.

Emotet is still on the rampage with Google Chrome in its sights

But they had spoken too soon: in early June 2022, security specialists tracked down a new variant of Emotet called Botnet. This contains a special module that can be used to read credit card data stored in Google Chrome browsers. As in earlier versions, the malware threatens Windows systems and usually gets onto computers via legitimate-looking phishing emails that recipients believe came from friends or business partners. What’s more, Emotet has adapted to new circumstances: previously, the malware tended to use macros in Microsoft Office to infect its victims’ PCs. But as these macros have since been deactivated by default, Emotet now uses Windows shortcut files (.LNK) to take over computer systems and execute PowerShell commands.

Anyone who uses Google Chrome to shop online should be on guard. Of course, it's always annoying having to re-enter your credit card information each time you shop online, and Google Chrome offers the irresistible option of storing your passwords and credit/debit card information to make your next visit more convenient. But the current form of Emotet, Botnet, exploits this desire for convenience: if the cybercriminals capture the name of the cardholder, the card number and the expiry date, they can go on an Internet shopping spree at the cardholder's expense – leaving them with a nasty surprise the next time they look at their account statement.

How to protect your credit card data from Emotet

Admittedly, even experienced computer users are prone to falling for Emotet because the emails used to distribute the malicious program seem so harmless. For instance, do you suspect that every attachment you receive from a friend could be a computer worm?

  • Maximum caution with links and email attachments:
    Check every email attachment and link you are sent carefully before opening – no matter how trustworthy the source may appear at first glance! If in doubt, you should contact the (alleged) sender to ensure they actually sent the email with the questionable attachment.
  • Don't store bank details in Google Chrome:
    Give Emotet as little opportunity for an attack as possible, and don't store any critical access data, banking details or credit card data in Google Chrome. It may be frustrating always to re-enter this information each time, but this extra effort provides reliable protection against financial damage.
  • Use powerful anti-virus programmes:
    In many cases, Windows Defender, which is integrated directly into the operating system free of charge, offers good protection against malware attacks – provided you always apply the latest updates. Even so, it's worthwhile installing anti-virus software from a well-respected provider and always keeping it up to date in order to detect and ward off Emotet attacks.
  • Always keep your Windows operating system and MS Office up to date:
    Always install the latest updates and patches to close off vulnerabilities that could allow cybercriminals to penetrate your system.
  • Deactivate macros in MS Office:
    Only enable macros that are absolutely necessary for your work. In the past, Emotet often misused MS Office macros to find a way into computer systems.
  • Use multifactor authentication:
    It's better to be safe than sorry when accessing your online accounts. Multi-factor authentication – preferably using biometric data – makes it almost impossible for cybercriminals to access your sensitive data.
  • Back up your data:
    Create regular backups so you can restore your data after a cyberattack.
  • Raise awareness of the risks of the online world:
    Offer regular training sessions to your staff to raise awareness of the risk of cyberattacks and implement processes to protect against cybercrime.
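The macro advice above can be applied to the current user's Office settings with a short script. This is an added example, not part of the original article; it assumes Office 2016/2019/365 (registry version `16.0`) and sets the per-user preference keys, which a Group Policy would override.

```powershell
# Added example (not from the original article): lock down Office macros for
# the current user. Assumption: Office 2016/2019/365 stores its settings under
# the "16.0" version key; older releases use a different version number.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"

    # Create the Security key if the application has never written it
    New-Item -Path $key -Force | Out-Null

    # VBAWarnings = 4: disable all macros without notification.
    # Use 3 instead if digitally signed macros are required for your work.
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord

    # Block macros in documents that carry the Mark-of-the-Web,
    # i.e. files downloaded from the internet or received as mail attachments
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# Verification: read the values back so you can confirm they took effect
foreach ($app in $apps) {
    $key = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"
    Get-ItemProperty -Path $key |
        Select-Object @{ n = 'App'; e = { $app } }, VBAWarnings, blockcontentexecutionfrominternet
}
```

Office applications must be restarted before the new settings take effect. In a managed environment, set the same values through Group Policy so that users cannot re-enable macros from the Trust Center.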

If Emotet has already infected your computer

  1. Let your email contacts know straight away, as the malware may have already taken hold of their computers.
  2. Change all your access data for online portals.
  3. Ideally, you should completely reset your computer as Emotet can penetrate deep into the infected system and thus pose a sustained security threat.
