
Emotet botnet switches to 64-bit modules, increases activity
2022-04-19 19:57

The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines.

Emotet is a self-propagating modular trojan that can maintain persistence on the host.

According to a report Kaspersky released today, Emotet activity rose sharply from February to March, going from 3,000 to 30,000 emails.

The Cryptolaemus security research group, which keeps a close watch on Emotet botnet activity, said that the malware operators have also switched to 64-bit loaders and stealer modules on Epoch 4, one of the subgroups of the botnet that run on separate infrastructure.

As of about 14:00UTC today 2022/04/18 - Emotet on Epoch 4 has switched over to using 64-bit loaders and stealer modules.

The switch is not visible on Epoch 5 but the delay is expected, since Epoch 4 typically serves as a development test-bed for the Emotet operators, researchers from Cryptolaemus say.


News URL

https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/