Emotet Malware is reborn and spreading via TrickBot infrastructure

The popular Emotet malware that was extensive spread in the past is back again. The malware used malicious campaigns and fake emails to spread across the web. The infected machines are then used for further spreading, and then deploy multiple payloads as per the mission. Payloads like Trickbot, QakBot, Ryuk, Conti, Egregor, ProLock ransomware were distributed using Emotet malware.

In the beginning of 2021, Europol along with the international law enforcement shutdown the Emotet malware and its entire structure, arresting two hackers. The malware was countered when the German law enforcement deployed a counter Emotet module to remove the Emotet malware from the infected devices on April 2021.

Emotet Malware is back

Security researchers from Cryptolaemus, Advanced Intel and GData have identified the Emotet stains that is being dropped by TricBot malware. Hackers have used the method called ‘Operation Reacharound’ to use the existing TrickBot malware infrastructure to bring back Emotet online, which pretty much seems like a move straight from a marvel movie. Although it seems the Emotet malware is still inoperative and dormant now, and not dropping any payloads.

The researchers have mentioned there are changes in the binaries and the command buffer, which implies the Emotet is preparing itself to be used for mass launches in the future, especially more ransomware attacks.

Building your defenses against the new Emotet

Malware experts from Abuse.ch have disclosed a list of C&C servers that Emotet uses and advised network admins to block those IP addresses immediately. It should be noted there are already 246 devices that has been infected by the new.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.