Security News > 2021 > December > 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.
"Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different Trickbot campaigns over the course of the last six months.
Disseminated via malspam campaigns or previously dropped by other malware like Emotet, TrickBot is believed to be the handiwork of a Russia-based group called Wizard Spider and has since extended its capabilities to create a complete modular malware ecosystem, making it an adaptable and evolving threat, not to mention an attractive tool for conducting a myriad of illegal cyber activities.
What's more, TrickBot infections in November and December have also propelled a surge in Emotet malware on compromised machines, signaling a revival of the infamous botnet after a gap of 10 months following a coordinated law enforcement effort to disrupt its spread. "Emotet could not choose a better platform than Trickbot as a delivery service when it came to its rebirth," the researchers noted.
"Trickbot, who has always collaborated with Emotet, is facilitating Emotet's comeback by dropping it on infected victims. This has allowed Emotet to start from a very firm position, and not from scratch."
"This is a big deal. Typically Emotet dropped TrickBot or QakBot, which in turn dropped Cobalt Strike. You'd usually have about a month between [the] first infection and ransomware. With Emotet dropping directly, there's likely to be a much much shorter delay," security researcher Marcus Hutchins tweeted.
News URL
https://thehackernews.com/2021/12/140000-reasons-why-emotet-is.html