Emotet Coming in Hot


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year, rebuilding its infrastructure and becoming highly active in a short time.

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world.
Following Microsoft’s recent announcement that it would begin disabling macros by default in Office documents downloaded from the internet, many malware families have begun migrating away from Office macros to other delivery mechanisms like ISO and LNK files. Therefore, it is interesting to note that this new campaign of Emotet is using its old method of distributing malicious MS Office documents (maldocs) via email-based phishing.

The malware is delivered via email spam messages that contain a zip file with a XLS file inside, or the XLS attached directly to the email. Based on the samples Talos observed, the messages have minimal content in the email body, typically only consisting of a filename and password. These emails might either be new emails arriving in a victim’s inbox or can even pose as responses to an existing, hijacked thread

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.