Emotet returned from vacation and is active again – How to reduce risk in your environment?

CyberPanther

Oct 1, 2019
Emotet trojan campaigns have surfaced again after a slower period. The trojan has been active irregularly since its inception in 2014, and the campaign was on a temporary hiatus after February, but it has become highly active again with new attacks. The Finnish National Cyber Security Centre issued a high-level warning about the malware on the 18th of August about the trojan spreading actively in Finland.

Emotet is a modular trojan deployed as a first-stage malware. Upon successfully infecting a system, it will deploy either a banking trojan, an infostealer or ransomware. An easier and quicker description would be that Emotet is a trojan that is used to open the gates for other malicious operations. Emotet is usually distributed in massive email campaigns, especially utilizing attachments with Microsoft Office macros, to gain access, steal target information like emails and contacts, and send that information to its command channel. Using this information, it targets new victims by spoofing emails and takes advantage of the real email conversations and contacts. This makes it really difficult for an end-user to spot the phishing emails, as the messages seem legit, and end-user education also becomes more and more difficult and not even necessarily effective. Emotet is regularly updated and modified, and it is capable of updating itself and the command-and-control channel, making it difficult to spot with traditional antivirus signatures or on the network level.
 
