Emotet reestablishes itself at the top of the malware world
2022-04-21 10:02

More than a year after essentially being shut down, the notorious Emotet malware operation is showing a strong resurgence.

Now Kaspersky Labs says a rapidly accelerating and complex spam email campaign is luring recipients with fraudulent messages designed to trick them into unpacking and installing Emotet or Qbot malware. The malware can steal information, collect data on a compromised corporate network, move laterally through the network, and install ransomware or other trojans on networked devices.

As an indication of the continuing development of Emotet by its operators, Cryptolaemus, the group of security researchers and systems administrators that came together more than two years ago to fight back against Emotet, said on Twitter this week that one of the botnet subgroups has switched from 32-bit to 64-bit for loaders and stealer modules.

The reemergence of Emotet into the top levels of the malware world happened quickly.

In February 2021, Europol and police forces from such places as the US, Germany, the UK and Ukraine conducted a multinational takedown of the main botnet deploying Emotet.

"These emails were sent to victims all over the world with one such example using the subject 'Buona Pasqua, happy easter,' yet attached to the email was a malicious XLS file to deliver Emotet."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/21/emotet-resurgence-email/