Security News > 2020 > July > Hacker Replaced Emotet Payloads With GIF Images
Over the past several days, a hacker managed to replace the payloads typically delivered by the Emotet Trojan with GIF images.
Within days after the campaign kicked off security researchers noticed that a hacker managed to hijack Emotet's delivery process and replace the payloads with GIF images.
"The Emotet payload distribution method is super insecure, they deploy an open source webshell off Github into the Wordpress sites they hack, all with the same password, so anybody can change the payloads infected PCs are receiving," Beaumont said in December last year.
The hijacking was first observed on July 21, when the hacker was replacing only some of the Emotet payloads.
"This is still happening today, about a quarter of payloads I check have been replaced with GIFs within the hour of Emotet pushing them," Beaumont noted in a tweet.