Security News > 2022 > June > Potent Emotet Variant Spreads Via Stolen Email Credentials

The "New and improved" version of Emotet is exhibiting a "Troubling" behavior of effectively collecting and using stolen credentials, "Which are then being weaponized to further distribute the Emotet binaries," Charles Everette from Deep Instinct revealed in a blog post this week.

In April, Emotet malware attacks returned after a 10-month "Spring break" with targeted phishing attacks linked to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a report by Proofpoint.

"Looking at the new threats coming from Emotet in 2022 we can see that there has been an almost 900 percent increase in the use of Microsoft Excel macros compared to what we observed in Q4 2021," he wrote.

Nine percent of the new Emotet threats observed were never seen before, and 14 percent of the recent emails spreading the malware bypassed at least one email gateway security scanner before it was captured, according to Deep Instinct.

Emotet still primarily uses phishing campaigns with malicious attachments as its transportation of choice, with 45 percent of the malware detect using some type of Office attachment, according to Deep Instinct.

Emotet started its nefarious activity as a banking trojan in 2014, with its operators having the dubious honor of being one of the first criminal groups to provide malware-as-a-service, Deep Instinct noted.

News URL

https://threatpost.com/potent-emotet-variant-spreads-via-stolen-email-credentials/179932/