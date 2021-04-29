Infosecurity Group Websites
Latest
News

Emotet Group Harvested Over 4.3 Million Victim Emails

The threat actors behind the notorious Emotet botnet managed to collect over four million victim email addresses over the past few years, it has emerged.

The news came from Troy Hunt, Microsoft regional director and founder of breach notification site HaveIBeenPwned.

The FBI recently reached out to Hunt to ask if the site could be used as an intermediary to help those concerned they may have been affected to check their emails against the trove.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains,” Hunt explained in a new blog post.

“The addresses are actually sourced from two separate corpuses of data obtained by the agencies during the takedown: email credentials stored by Emotet for sending spam via victims' mail providers; and web credentials harvested from browsers that stored them to expedite subsequent logins.”

Hunt advised any individual who finds their email was in possession of Emotet to ensure their anti-malware is up-to-date, and to change their email account password as well as any passwords and security questions for accounts that might have been stored in their inbox or browser.

“For administrators with affected users, refer to the YARA rules released by DFN Cert, which include rules published by the German BKA,” he added.

Other best practice security tips also apply, including the use of two-factor authentication where possible, and strong unique passwords stored in a password manager, as well as prompt patching of all OS and software.

Emotet was finally disrupted back in January after action from the FBI and European police. Last Sunday law enforcers delivered an update to the botnet designed to erase the malware from all infected machines globally.

However, with some of the group still at large, experts believe it’s only a matter of time before they come back with an improved version of the malware.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Threat Actors Impersonate Chase Bank

2
News

REvil Removes Apple Extortion Attempt from Site: Report

3
News

Kik Tip Leads to Kindergarten Teacher’s Arrest

4
News

Online Music Marketplace Suffers Data Breach

5
News

Cyber-attack on NBA Team

6
News

US Arrests Alleged Crypto Mixer

1
Opinion

Taxed and Hacked: How Your Company Could Be at Risk This Tax Season

2
Webinar

How to Win Cybersecurity Budget and Buy-in from the C-Suite to Mitigate Increased Level of Threat

3
News

Emotet Group Harvested Over 4.3 Million Victim Emails

4
News

Cancer Patients Diverted After Cyber-Attack on MedTech Firm

5
News

First Horizon Bank Customers Have Account Funds Drained

6
News

US Arrests Alleged Crypto Mixer

1
Webinar

Supply Chain Security: Easing the Headache of Third-Party Risk Assessments

2
Webinar

How Zero Trust Enables Remote Working and Builds to a SASE Vision

3
Webinar

Data Classification: The Foundation of Effective Cybersecurity

4
Webinar

How To Secure The New World Of Distributed Work

5
Webinar

Endpoint Strategies: Balancing Productivity and Security

6
Webinar

Securing Remote Employee Devices with Unified Endpoint Management

1
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - EMEA 2021

2
Webinar

Security Mythbusting: Dismantling the Top Five API Myths

3
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - North America 2021

4
News Feature

Census 2021: How Safe Will Our Data Be Over the Next 100 Years?

5
Opinion

How Behavioral Biometrics is Combating Credential Stuffing Attacks

6
Webinar

Securing the #COVID19 Vaccine & Supply Chain