Banking Trojan exfiltrates credentials, PII / banking info

Oct 8, 2018 19:47 GMT

Almost 600 staff and public computers at the Anne Arundel County Public Library were infected with the self-propagating Emotet banking Trojan, with nearly 5,000 customers who used the public computers possibly affected by the breach.

As officials of the Annapolis, MD, library say in their press release, the data breach occurred on September 17, and the Emotet banking Trojan was discovered on some library computers on October 4.

The attack was detected after some library employees started receiving a noticeably larger volume of spam e-mails on their library accounts during late September. Library staff computers then began rebooting on their own, and public machines were soon affected by the same issue.

As explained in the library's breach disclosure note, no customer information stored in the library's database was leaked. However, patrons who used the public library computers are advised to take precautions if they typed in their credit card information or entered their social security number on any of the affected machines.

The self-propagating Emotet banking Trojan is known to exfiltrate login credentials and credit card info

"The library has already upgraded its defenses by investing in a new more sophisticated enterprise-wide virus scanner system that not only looks for virus signatures but also identifies suspicious software behavior across the entire network," says the library's press release. "Staff are also being trained on how to more quickly identify potential threats."

Malwarebytes Labs identified the malware that compromised the Anne Arundel County Public Library in Annapolis as the payload of a spam campaign spreading Word documents containing Emotet dropper scripts.

Emotet is a well-known malware strain that threat actors use to infect computers via spam e-mails and steal financial info such as bank logins or cryptocurrency wallets.

Emotet can also exfiltrate proprietary info and data, login credentials, and Personally Identifiable Information (PII), whose exposure is one of the leading causes behind identity theft incidents.