Emotet Malware is reborn and spreading via TrickBot infrastructure
The notorious Emotet malware, which spread extensively in the past, is back. Emotet propagated through malicious spam campaigns and fake emails; infected machines were then used to spread it further and to deploy additional payloads depending on the operators' goals. Payloads such as the TrickBot and QakBot trojans and the Ryuk, Conti, Egregor and ProLock ransomware families were distributed through Emotet.
At the beginning of 2021, Europol, together with international law enforcement, shut down Emotet and its entire infrastructure, and two individuals were arrested. The takedown was completed in April 2021, when German law enforcement pushed a special Emotet module to infected devices that uninstalled the malware.
Emotet Malware is back
Security researchers from Cryptolaemus, Advanced Intel and GData have identified Emotet strains being dropped by the TrickBot malware. In what researchers have dubbed 'Operation Reacharound', the operators are using the existing TrickBot infrastructure to bring Emotet back online, which looks like a move straight out of a Marvel movie. For now, though, the new Emotet appears to be dormant: it is not yet dropping any payloads.
This is our 3rd anniversary of Cryptolaemus1. Thanks for all the follows and sharing of intel these past 3 years! To celebrate, Ivan has released a new version of Emotet because he feels left out and wants to be part of the party. More details coming soon. As always watch URLHaus pic.twitter.com/Qwvel32ibB
— Cryptolaemus (@Cryptolaemus1) November 15, 2021
The researchers have noted changes to the binaries and to the command buffer, which suggests Emotet is being prepared for large-scale campaigns in the future, and in particular for more ransomware attacks.
Building your defenses against the new Emotet
Malware experts from abuse.ch have published a list of the C&C servers the new Emotet uses and advised network admins to block those IP addresses immediately. It should be noted that 246 devices have already been infected by the new Emotet variant.
Heads up, Emotet is back!💥 https://t.co/GvSlOfDmqZ
— abuse.ch (@abuse_ch) November 15, 2021
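As an added example (not from the article and not abuse.ch's own code), here is how a network admin could turn such a C&C list into egress firewall rules and, just as importantly, hunt through existing connection logs for internal hosts that already contacted those servers. It assumes the CSV layout of abuse.ch's Feodo Tracker IP blocklist (comment lines starting with `#`, then `first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware` rows) and a simple key=value firewall log format; both samples in the block are constructed, and the addresses are RFC 5737 documentation ranges, not real C2 servers.

```python
"""Turn an abuse.ch Feodo Tracker-style C2 blocklist into firewall rules and
hunt connection logs for hosts that already reached an Emotet C2.

Added example: the CSV column order and the log line format are assumptions,
and all data below is constructed (RFC 5737 documentation addresses)."""
import csv
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

# Assumed Feodo Tracker column order; '#' lines are comments/header.
FIELDS = ["first_seen_utc", "dst_ip", "dst_port", "c2_status", "last_online", "malware"]

# Constructed sample blocklist. None of these are real C2 addresses.
# The last two rows are deliberately malformed to exercise the parser.
SAMPLE_BLOCKLIST = """\
################################################################
# Feodo Tracker Botnet C2 IP Blocklist (constructed sample)    #
################################################################
# first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware
2021-11-15 11:51:36,192.0.2.10,8080,online,2021-11-15,Emotet
2021-11-15 11:51:36,192.0.2.11,443,online,2021-11-15,Emotet
2021-11-14 09:12:00,198.51.100.5,449,online,2021-11-15,TrickBot
2021-06-01 00:00:00,203.0.113.77,7080,offline,2021-07-02,Emotet
2021-11-15 00:00:00,not-an-ip,80,online,2021-11-15,Emotet
this,line,is,garbage
"""

# Constructed sample of outbound firewall connection logs (assumed format).
SAMPLE_FW_LOG = """\
2021-11-15T12:03:11Z ACCEPT src=10.0.0.21 dst=192.0.2.10 dport=8080 proto=tcp
2021-11-15T12:03:14Z ACCEPT src=10.0.0.21 dst=93.184.216.34 dport=443 proto=tcp
2021-11-15T12:04:02Z ACCEPT src=10.0.0.34 dst=198.51.100.5 dport=449 proto=tcp
2021-11-15T12:05:40Z ACCEPT src=10.0.0.50 dst=203.0.113.77 dport=7080 proto=tcp
2021-11-15T12:06:01Z ACCEPT src=10.0.0.21 dst=192.0.2.11 dport=443 proto=tcp
"""

C2 = Tuple[str, int]  # (ip, port)


def parse_blocklist(text: str) -> List[Dict[str, str]]:
    """Parse data rows into dicts keyed by FIELDS, skipping comments and
    malformed rows (one bad row must not take the whole feed down)."""
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = next(csv.reader([line]))
        if len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        try:
            ipaddress.ip_address(row["dst_ip"])  # reject non-IP garbage
            int(row["dst_port"])
        except ValueError:
            continue
        rows.append(row)
    return rows


def c2_set(rows: Iterable[Dict[str, str]], families: Iterable[str] = ("Emotet",),
           online_only: bool = True) -> Set[C2]:
    """Select (ip, port) pairs for the given malware families. For blocking,
    use the online C2s; for hunting historical infections, pass
    online_only=False so C2s that have since gone dark still match old logs."""
    wanted = {f.lower() for f in families}
    out: Set[C2] = set()
    for row in rows:
        if row["malware"].lower() not in wanted:
            continue
        if online_only and row["c2_status"].lower() != "online":
            continue
        out.add((row["dst_ip"], int(row["dst_port"])))
    return out


def iptables_rules(c2s: Iterable[C2]) -> List[str]:
    """Egress DROP rules, sorted so repeated runs produce identical output."""
    return [f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP"
            for ip, port in sorted(c2s)]


LOG_RE = re.compile(r"\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def find_beacons(log_text: str, c2s: Set[C2]) -> List[Tuple[str, str, int]]:
    """Return (src, dst, dport) for every log line whose destination matches a
    known C2 on both IP and port: these are the internal hosts to isolate."""
    hits: List[Tuple[str, str, int]] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        key: C2 = (m["dst"], int(m["dport"]))
        if key in c2s:
            hits.append((m["src"], key[0], key[1]))
    return hits


if __name__ == "__main__":
    rows = parse_blocklist(SAMPLE_BLOCKLIST)
    print("\n".join(iptables_rules(c2_set(rows))))  # live Emotet C2s
    hunt = c2_set(rows, families=("Emotet", "TrickBot"), online_only=False)
    for src, dst, port in find_beacons(SAMPLE_FW_LOG, hunt):
        print(f"ALERT {src} contacted C2 {dst}:{port}")
```

Blocking only the C2s currently marked online keeps the rule set small, but the hunt deliberately includes offline entries and the TrickBot family as well: a host that talked to a now-dead Emotet C2 in June is still an infected host, and since the new Emotet is being dropped by TrickBot, a TrickBot beacon is the earliest indicator that an Emotet payload may follow.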