Refreshed from its holiday, Emotet has gone phishing
2023-03-09 18:27

Researchers with cybersecurity firms Cofense and Cryptolaemus, which track Emotet activity, both reported a sudden resumption of spamming from the botnet.

Emotet started life almost a decade ago as a banking trojan, but it soon evolved into malware delivered through spear-phishing campaigns, including emails that contain malicious Microsoft Word and Excel attachments.

The ZIP files contain an Office document with macros. Once opened, the document prompts the victim to "Enable Content." Doing so lets the malicious macros run, download an Emotet DLL from another site, and execute it on the machine.
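
A defender-side triage of the delivery chain described above, as an added example that is not from the original article: it lists the Office documents inside a ZIP attachment that carry VBA macros. The function names, the size limit and the sample archive are assumptions constructed for illustration, and the OLE2 check is a byte-level heuristic rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE2 directory names are UTF-16LE
MAX_MEMBER = 64 * 1024 * 1024                    # assumed per-member inspection limit

def ooxml_has_vba(data):
    """True if the bytes are a ZIP-based Office file that ships a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    except zipfile.BadZipFile:
        return False

def macro_findings(zip_bytes):
    """Return [(member, reason)] for macro-bearing Office files in a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:             # encrypted: content cannot be checked
                findings.append((info.filename, "encrypted member"))
                continue
            with outer.open(info) as fh:         # bounded read guards against zip bombs
                data = fh.read(MAX_MEMBER + 1)
            if len(data) > MAX_MEMBER:
                findings.append((info.filename, "oversized member"))
            elif data.startswith(OLE2_MAGIC) and VBA_STREAM in data:
                findings.append((info.filename, "OLE2 document with VBA project"))
            elif data.startswith(b"PK") and ooxml_has_vba(data):
                findings.append((info.filename, "OOXML document with vbaProject.bin"))
    return findings

def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample attachment: structural markers only, no real macro code.
SAMPLE = build_zip({
    "invoice.doc": OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "report.docm": build_zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\x00"}),
    "notes.docx": build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"}),
    "readme.txt": b"hello",
})

if __name__ == "__main__":
    for name, reason in macro_findings(SAMPLE):
        print(f"{name}: {reason}")
```

A hit means the document can run macros if the user clicks "Enable Content"; it does not by itself establish that the macros are malicious.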

According to AttackIQ, Emotet also acts as malware-as-a-service, selling access to compromised systems to other miscreants, who would then load their own malware via the command-and-control channels created through the Emotet infections.

Will LaSala, field CTO for cybersecurity group OneSpan, called Emotet "a dangerous mobile malware variant," telling The Register that they "are designed to attack specific organizations and markets, such as the financial space. Mobile malware is ever changing and can change quickly and be redeployed to attack new verticals in a moment's notice."

An interesting point about the latest Emotet campaign is that it looks to take advantage of macros in the malicious Microsoft documents.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/09/emotet_returns_after_break/