The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation.
Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL will be downloaded and loaded into memory.
Once loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as
Cobalt Strike or other malware that commonly leads to ransomware attacks.
While Emotet was considered the most distributed malware in the past, it suddenly stopped spamming on June 13th, 2022.
Researchers from the Emotet research group
Cryptolaemus reported that at approximately 4:00 AM ET on November 2nd, the Emotet operation suddenly came alive again, spamming email addresses worldwide.
Proofpoint threat researcher, and Cryptolaemus member,
Tommy Madjar, told BleepingComputer that today's Emotet email campaigns are using stolen email reply chains to distribute malicious Excel attachments.
From samples uploaded to
VirusTotal, BleepingComputer has seen attachments targeted at users worldwide under various languages and file names, pretending to be invoices, scans, electronic forms, and other lures.
