Emotet is Rebuilding its Botnet


Cybersecurity professionals are unsurprised by the apparent return of Emotet malware. 

First discovered as a banking trojan in 2014, the malware evolved into a powerful tool deployed by cyber-criminals around the world to illegally access computer systems. 

The malware’s creators — APT group TA542 — hired Emotet out to other cyber-criminals, who used it to install malware, such as banking trojans or ransomware, onto victims’ computers.

Emotet’s botnet infrastructure was dismantled in January as part of a coordinated action by authorities in Canada, France, Germany, Lithuania, the Netherlands, the United Kingdom, the United States, and Ukraine.

Europol, which coordinated the global takedown action along with Eurojust, said Emotet was the “world’s most dangerous malware,” and its creators “managed to take email as an attack vector to a next level.”

Now, a team of researchers from Cryptolaemus, G DATA, and AdvIntel has reported observing the TrickBot trojan launching what appears to be a new loader for Emotet.

In a blog post, Luca Ebach said that internal processing had identified a Dynamic Link Library (DLL) that TrickBot tried to download as Emotet. 

An initial manual verification gave the researchers “high confidence that the samples indeed seem to be a re-incarnation of the infamous Emotet.” The team is now carrying out in-depth analyses in search of a more definitive result. 

“Emotet is back again on the scene and, to be fair, we’re not surprised,” said Stefano De Blasi, cyber-threat intelligence analyst at Digital Shadows.

He added: “The new variant of the infamous malware reportedly follows a similar path of delivering both malicious Office or ZIP files, in addition to other command-and-control (C2) payloads.”

De Blasi predicted that many cyber-criminal groups could return to using Emotet over the next few months. 

Erich Kron, security awareness advocate at KnowBe4, commented: “It is no surprise to see malware as successful and widespread as Emotet finding its way back on the cybercrime scene; however, it will take some time to build up to its previous size.”

He predicted: “Unfortunately, we can expect to see these infected devices used to increase the spread of ransomware, which is already out of control.”
