Emotet trojan campaigns have surfaced again after a slower period. The trojan has been active irregularly since its inception in 2014, and the campaign went on a temporary hiatus after February, but it has become highly active again with new attacks. The Finnish National Cyber Security Centre issued a high-level warning on 18 August about the trojan spreading actively in Finland.
Emotet is a modular trojan deployed as first-stage malware. After successfully infecting a system, it deploys a banking trojan, an infostealer or ransomware. Put more simply, Emotet is a trojan used to open the gates for other malicious operations. It is usually distributed in massive email campaigns, most often through attachments containing Microsoft Office macros, to gain access, steal information such as emails and contacts from the target, and send that information to its command channel. Using this information, it targets new victims by spoofing emails and taking advantage of real email conversations and contacts. This makes the phishing emails very difficult for an end user to spot, because the messages seem legitimate, and it makes end-user education increasingly difficult and not necessarily even effective. Emotet is regularly updated and modified, and it can update both itself and its command-and-control channel, which makes it difficult to detect with traditional antivirus signatures or at the network level.