Key Takeaways
- Several security vendors have detected the reemergence of the Emotet malware.
- The new Emotet variant includes a module designed to steal credit card information stored in the Google Chrome browser.
- Security experts are using the opportunity to remind people not to store sensitive information in their web browsers.
It might be convenient, but storing passwords and other sensitive information in your browser is not a good idea, warn security experts.
This week, several security vendors caught wind of the reemergence of the dangerous Emotet botnet after it was taken down in 2021 in a global operation involving several countries, led by Europol and the US. In the new Emotet variant, Proofpoint found a new module designed to extract credit card details stored in the victim's web browser.
"To our surprise [the new Emotet botnet] was a credit card stealer that is solely targeting the Chrome browser," tweeted Proofpoint. "Once card details were collected, they were exfiltrated to [attack servers controlled by cybercriminals]."
Back From the Dead
Charles Everette, Director of Cyber Advocacy at Deep Instinct, told Lifewire over email that Emotet, one of the most prolific malware families since 2014, now has a few new features and attack vectors in its arsenal.
"One of the more troubling behaviors that Deep Instinct's threat researchers found is [Emotet's] increased effectiveness in collecting and using stolen data," pointed out Everette.
Although Emotet still uses many of the same attack vectors it has used in the past, Everette said the attacks are now more numerous, and some can even bypass security tools.
"[Some of these attacks] are never-before-seen threats, meaning they are unknown," said Everette. "Combined with their new capabilities, [and features such as] credit card theft from Chrome, this means Emotet is a bigger threat than ever before."
The fact that the malware goes after Chrome in particular does not surprise Dahvid Schloss, Managing Lead, Offensive Security, at Echelon Risk + Cyber. In an email exchange with Lifewire, Schloss said the attack appears to exploit a long-standing issue in Chrome.
"It's been around for a very long time; 2015 [was] the first time [I saw] an article written about it," said Schloss. "But Chrome has refused to fix it because they say it requires the attacker to already be on the machine in order to exploit it."
Breaking down the issue, Schloss explained that it exists because Chrome temporarily stores data, including passwords, in plain text within its allocated memory space.
"If the attacker were able to [download] the memory to a file, they could parse the information to look for stored passwords as well as other strings like, say, a credit card [number]," explained Schloss.
Easy to Identify
According to Deep Instinct, Emotet was prolific throughout 2019 and 2020, taking advantage of hot topics as a way to lure victims into opening malicious phishing emails.
To help us identify strategies for protecting ourselves against the new Emotet variant, Pete Hay, Instructional Lead at cybersecurity testing and training company SimSpace, told Lifewire over email that the fact that even the new malware variant spreads through a series of spear-phishing email attacks is "good news."
"Most people have gotten good at identifying emails that don't look quite right," said Hay. "The presence of password-protected archive files, and email addresses that do not match others in the email, are elements that should raise a significant red flag."
In essence, Hay believes that being vigilant about every incoming email should be enough to prevent the initial foothold the new Emotet variant needs to compromise computers. "As for the Emotet threat to Chrome specifically, switching to Brave or Firefox will eliminate that risk," added Hay.
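The two red flags Hay names can also be checked automatically at a mail gateway or in a triage script. The following is an added example, not part of the original article; reading "addresses that do not match" as a Reply-To or Return-Path domain that differs from the From domain is an assumption, as are the function names and the constructed sample message (its ZIP only has the encryption flag bit set).

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def _domain(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def red_flags(raw_bytes):
    """Return a list of the red flags found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flags = []
    sender = _domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        other = _domain(msg[header])
        if other and other != sender:
            flags.append(f"{header} domain {other} != From domain {sender}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks an encrypted member.
            if any(i.flag_bits & 0x1 for i in zf.infolist()):
                flags.append(f"password-protected archive: {part.get_filename()}")
    return flags

def build_sample(encrypted, reply_to):
    """Constructed test message; the ZIP only has its encryption bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 1                              # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= 1   # central directory flags
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@example.com>"
    msg["Reply-To"] = reply_to
    msg.set_content("Password: 1234")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for f in red_flags(build_sample(True, "billing@example.net")):
        print("FLAG:", f)
```

Only ZIP archives are inspected here; other archive formats would need their own encryption check.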
Schloss, however, said that the best option for people to eliminate the risk of their browsers leaking passwords is not to store sensitive information in these apps in the first place, even if they do not use Chrome.
"[Instead, use] a robust third-party storage app like LastPass… [that] allows the user to store their passwords and credit card numbers, so they don't have to write them down or save them in vulnerable places," advised Schloss.