Security News

Emotet malware distributed as fake W-9 tax forms from the IRS
2023-03-26 14:46

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware.

Emotet Rises Again: Evades Macro Security via OneNote Attachments
2023-03-20 05:51

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. A derivative of the Cridex banking worm - which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 - Emotet has evolved into a "monetized platform for other threat actors to run malicious campaigns on a pay-per-install model, allowing theft of sensitive data and ransom extortion."

Emotet malware now distributed in Microsoft OneNote files to evade defenses
2023-03-18 19:03

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros.

Refreshed from its holiday, Emotet has gone phishing
2023-03-09 18:27

Researchers with cybersecurity firms Cofense and Cryptolaemus, which track Emotet activity, both reported a sudden startup in the spamming from the botnet. Emotet started life almost a decade ago as a banking trojan, but it soon evolved into a malware delivered through spear-phishing campaigns, including emails that contain malicious Microsoft Word and Excel attachments.

Emotet malware attacks return after three-month break
2023-03-07 21:10

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments.

Emotet Malware Makes a Comeback with New Evasion Techniques
2023-01-24 11:03

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via phishing emails. With macros becoming an obsolete method of payload distribution and initial infection, the attacks have latched on to other methods to sneak Emotet past malware detection tools.

All You Need to Know About Emotet in 2022
2022-11-26 11:49

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it.

Notorious Emotet Malware Returns With High-Volume Malspam Campaign
2022-11-21 14:24

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "The new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families."

Notorious Emotet botnet returns after a few months off
2022-11-17 08:30

The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper. The various changes after almost four months of silence also could indicate a change of management for Emotet, which has been run by the threat group TA542 and in April was ranked as the top malware threat - affecting six percent of companies worldwide.