Emotet botnet starts blasting malware again after 5 month break


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation.

Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL will be downloaded and loaded into memory.

Once loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as Cobalt Strike or other malware that commonly leads to ransomware attacks.

While Emotet was considered the most distributed malware in the past, it suddenly stopped spamming on June 13th, 2022.

Researchers from the Emotet research group Cryptolaemus reported that at approximately 4:00 AM ET on November 2nd, the Emotet operation suddenly came alive again, spamming email addresses worldwide.

Proofpoint threat researcher, and Cryptolaemus member, Tommy Madjar, told BleepingComputer that today's Emotet email campaigns are using stolen email reply chains to distribute malicious Excel attachments.

From samples uploaded to VirusTotal, BleepingComputer has seen attachments targeted at users worldwide under various languages and file names, pretending to be invoices, scans, electronic forms, and other lures.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.