Lock up your Office macros: Emotet botnet back from the dead with Trickbot links
2021-11-16 19:57

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators.

The revival of Emotet is serious because in its final form the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for.

Typically, spam emails sent by Emotet contain a document in a common file format with embedded macros.

"Emotet's re-emergence is a notable event due to the prevalence of this malware family historically. There are indications that Emotet was initially being deployed by TrickBot and has since started sending out phishing emails as well," said Roxan.

"Phishing has always been the primary method used to distribute Emotet and in 2018 festive emails were used as a lure to trick victims into successfully downloading malicious Word documents disguised as Christmas cards," said Dr Özarslan.

The original Emotet ran over unencrypted HTTP. "As per the famous duck-typing, we conclude so far: smells like Emotet, looks like Emotet, behaves like Emotet - seems to be Emotet," concluded the firm.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/16/emotet_botnet_rappears/