Notorious Emotet botnet returns after a few months off
2022-11-17 08:30

The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.

The various changes, after almost four months of silence, could also indicate a change of management for Emotet, which has been run by the threat group TA542 and in April was ranked as the top malware threat, affecting six percent of companies worldwide.

Dropping IcedID signals that Emotet is again fully functional, acting as a delivery network for other malware families.

The changes to Emotet's binary also indicate the threat group behind Emotet will continue to adapt.

Since November 2, Proofpoint has found new commands, new check-in packet information, and an updated packer in Emotet.
News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/17/emotet_botnet_returns/