Emotet malware is back, and potentially nastier than ever

Brace for impact, warn researchers


Cybersecurity professionals have once again begun to see threat actors drop malware in a bid to revive the infamous Emotet botnet.

In January this year, law enforcement agencies in Europe and North America joined forces as part of a coordinated effort to disrupt and take down the Emotet botnet.

However, multiple security vendors and experts, including Cryptolaemus, GData, and Advanced Intel, have detected activity that points to Emotet’s imminent return.


“On Sunday, November 14, at around 9:26pm UTC we observed on several of our Trickbot trackers that the bot tried to download a DLL to the system. According to internal processing, these DLLs have been identified as Emotet… Currently, we have high confidence that the samples indeed seem to be a re-incarnation of the infamous Emotet,” asserts GData.

Back from the dead?

The Emotet malware had evolved into the go-to solution for cybercriminals who used its infrastructure to gain access to targeted systems on a global scale. Its operators then sold this access to other cybercrime groups for deploying ransomware including Ryuk, Conti, ProLock, Egregor, and several others.

Reporting on the development, BleepingComputer notes that in an apparent change of tactics, the threat actors behind Emotet’s revival are now using a method dubbed “Operation Reacharound” to rebuild the Emotet botnet using TrickBot’s existing infrastructure.

Emotet research group Cryptolaemus has begun analyzing the new Emotet loader, and has detected changes compared to the past.

“So far we can definitely confirm that the command buffer has changed. There’s now 7 commands instead of 3-4. Seems to be various execution options for downloaded binaries (since it’s not just DLLs),” noted Cryptolaemus researchers.

Researchers also added that although they had not yet seen the Emotet botnet performing spamming activity, or found any malicious documents dropping the malware, they consider it only a matter of time.

“It is an early sign of the possible impending Emotet malware activity fueling major ransomware operations globally given the shortage of the commodity loader ecosystem,” Advanced Intel’s Vitali Kremez told BleepingComputer.

It’s time to batten down the hatches with the help of these best firewall apps and services, and ensure your computers are protected with these best endpoint protection tools.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
