Security News > 2020 > October > Emotet campaign used parked domains to deliver malware payloads
Researchers tracking malicious use of parked domains have spotted the Emotet botnet using such domains to deliver malware payloads as part of a large scale phishing campaign.
Domain owners park their domains using parking service providers to monetize them via advertisement networks while they're not being used to host an active website or online service.
Out of 6 million newly parked domains detected as parked between March and September 2020 by Palo Alto Networks, roughly 1% started being used as part of malware or phishing campaigns.
Emotet, initially a banking Trojan, when it was first spotted in 2014, has now evolved into a botnet used by the TA542 threat group to deliver second-stage malware payloads on compromised devices.
The payloads dropped by Emotet include the QakBot and Trickbot trojans.