Emotet Group Harvested Over 4.3 Million Victim Emails

The threat actors behind the notorious Emotet botnet managed to collect over four million victim email addresses over the past few years, it has emerged.

The news came from Troy Hunt, Microsoft regional director and founder of breach notification site HaveIBeenPwned.

The FBI recently reached out to Hunt to ask whether the site could act as an intermediary, letting anyone concerned that they may have been affected check their email addresses against the trove.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains,” Hunt explained in a new blog post.

“The addresses are actually sourced from two separate corpuses of data obtained by the agencies during the takedown: email credentials stored by Emotet for sending spam via victims’ mail providers; and web credentials harvested from browsers that stored them to expedite subsequent logins.”

Hunt advised any individual who finds their email address was in Emotet's possession to ensure their anti-malware is up to date, and to change their email account password as well as any passwords and security questions for accounts that might have been stored in their inbox or browser.

“For administrators with affected users, refer to the YARA rules released by DFN Cert, which include rules published by the German BKA,” he added.

Other best practice security tips also apply, including the use of two-factor authentication where possible, and strong unique passwords stored in a password manager, as well as prompt patching of all OS and software.

Emotet was finally disrupted back in January after action from the FBI and European police. Last Sunday, law enforcers delivered an update to the botnet designed to erase the malware from all infected machines globally.

However, with some of the group still at large, experts believe it’s only a matter of time before they come back with an improved version of the malware.

By admin