Pakistan Telecommunication Authority (PTA) has warned government organizations and citizens that dangerous hacking groups are using malware with evolving techniques to steal information.
The authority has issued an advisory stating that the 'Emotet' malware is being used by several hacking groups with evolving techniques to avoid detection. The malware's campaigns rely on generic lures with weaponized attachments to initiate the attack chain.
According to the advisory, the said malware is acting as a conduit for other dangerous malware such as Bumblebee and IcedID. It reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year and has been distributed via phishing emails.
Emotet, which is attributed to the cybercrime group tracked as TA542, has evolved from a banking trojan to a malware distributor since its first appearance in 2014. The malware-as-a-service (MaaS) is modular, capable of deploying an array of proprietary and freeware components that can exfiltrate sensitive information from compromised machines and carry out other post-exploitation activities.
Recent campaigns involving the malware have leveraged generic lures with weaponized attachments to initiate the attack chain. But with macros becoming an obsolete method of payload distribution and initial infection, the attacks have latched on to other approaches to sneak Emotet past malware detection tools.
With the newest wave of Emotet spam emails, the attached XLS files use a new method for tricking users into allowing macros, which then download the dropper. In addition, new Emotet variants have moved from 32-bit to 64-bit builds as another method of evading detection.
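As an added illustration, not part of the PTA advisory or this report, the following Python triage routine flags Excel attachments that carry a VBA macro project and reports whether a dropped executable is a 32-bit or 64-bit image, the two traits singled out above. The workbook and PE files it builds are constructed stand-ins, not Emotet samples, and legacy .xls (OLE2) files are only flagged for deeper inspection because confirming macros there needs a full OLE parser.

```python
import io
import struct
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy .xls / OLE2 compound file
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.xlsx/.xlsm) container


def classify_excel_attachment(data: bytes) -> str:
    """Triage an Excel attachment from an email.
    Returns 'ooxml-macro' (VBA project present), 'ooxml-clean', 'ole2-legacy'
    (old binary .xls, needs an OLE stream parser to confirm macros), or 'other'."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "other"
        if "xl/vbaProject.bin" in names:
            return "ooxml-macro"
        return "ooxml-clean" if "xl/workbook.xml" in names else "other"
    if data.startswith(OLE_MAGIC):
        return "ole2-legacy"
    return "other"


def pe_bitness(data: bytes):
    """Return 32 or 64 for a PE image based on the COFF Machine field, None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return {0x014C: 32, 0x8664: 64}.get(machine)  # IMAGE_FILE_MACHINE_I386 / AMD64


def build_workbook(with_macro: bool) -> bytes:
    """Constructed sample: minimal OOXML zip with workbook.xml and optionally a VBA stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00")  # placeholder VBA project
    return buf.getvalue()


def build_pe_stub(machine: int) -> bytes:
    """Constructed sample: DOS header whose e_lfanew points at a PE signature + Machine."""
    hdr = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
```

In a mail gateway the 'ooxml-macro' and 'ole2-legacy' results are the attachments worth quarantining or detonating before delivery.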
PTA has asked government organizations and officials to remain alert about unsolicited emails, especially those with attachments or links, and not open attachments or click on links from unknown or untrusted sources.
The advisory has suggested that government organizations keep software and operating systems up to date, apply security patches as soon as they become available, and use updated anti-virus and anti-malware software. Furthermore, important data should be backed up regularly, with multiple copies kept.
Firewalls and intrusion detection/prevention systems should be used to protect networks. Employees should be educated about safe computing practices, such as not downloading files from unknown sources, not providing personal information, and not opening attachments or clicking on links in email messages from unknown senders.