Byte-size Bulletins

One of the most dangerous forms of malware is back.

Written by Rachael Brown | Dec 1, 2021
 

Emotet, described by experts as the “world’s most dangerous malware”, is back after the gang who created and controlled it had their infrastructure taken down.

Back in January, international law enforcement, coordinated by Europol and Eurojust, managed to take away the Emotet gang’s access to their servers and arrest several high-profile members.

This temporarily put a stop to the gang’s Emotet banking trojan, which has been active since 2014. However, researchers from Cryptolaemus, GData, and Advanced Intel are warning it’s back.

This is a serious issue given the way this malware works: Emotet uses a botnet to send massive waves of email spam to users worldwide in order to infect them with its malware strain.

A botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam. 

Infected systems then allow the Emotet gang to download and install additional payloads. The gang has primarily operated as a Malware-as-a-Service infrastructure (leasing software and hardware for carrying out attacks) for various criminal groups, including ransomware gangs.


The threat actors are now using a method dubbed “Operation Reacharound” to rebuild the Emotet botnet using the existing infrastructure of the TrickBot malware. In practice, Emotet is installed on systems that had previously been infected with TrickBot.

Network administrators are recommended to block IP addresses associated with this campaign to prevent infections with the reformed Emotet bot.
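As an added illustration of that recommendation (this is example code written for this bulletin, not from the post’s authors or from Cryptolaemus, GData, Advanced Intel or Cofense), the script below checks outbound connection log lines against a blocklist of campaign addresses. Both the log format and the blocklist entries are assumptions: the addresses are RFC 5737 documentation-range placeholders constructed for the example, not real Emotet or TrickBot indicators, and a real deployment would load the current campaign list from the research teams named above.

```python
import ipaddress
import re

# Constructed blocklist of indicator addresses and ranges. These are
# documentation-range placeholders (RFC 5737), NOT real Emotet/TrickBot
# indicators; substitute the list published for the actual campaign.
BLOCKLIST = [
    "192.0.2.45",         # single host, treated as a /32
    "198.51.100.0/24",    # whole range, matched via CIDR containment
    "203.0.113.7",
]

# Constructed firewall log lines in an assumed "src -> dst:port" layout.
SAMPLE_LOGS = [
    "2021-12-01T09:14:02Z fw ALLOW 10.0.0.15 -> 192.0.2.45:443",
    "2021-12-01T09:14:05Z fw ALLOW 10.0.0.15 -> 203.0.113.200:443",
    "2021-12-01T09:15:11Z fw ALLOW 10.0.0.22 -> 198.51.100.77:8080",
    "2021-12-01T09:16:40Z fw ALLOW 10.0.0.31 -> 203.0.113.7:80",
    "not a log line at all",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>\w+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)


def load_blocklist(entries):
    """Parse each entry as a network; a bare host becomes a /32 network."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def parse_line(line):
    """Return the fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:  # malformed address such as 999.1.1.1
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "dst": dst,
        "port": int(m.group("port")),
    }


def match_blocklist(dst, networks):
    """Return the first blocklist network containing dst, or None."""
    for net in networks:
        if dst in net:
            return net
    return None


def find_hits(lines, entries=BLOCKLIST):
    """Scan log lines and return (timestamp, src, dst, port, matched_network) tuples.

    Each hit identifies an internal host (src) that reached a blocklisted
    destination, i.e. a machine to pull for investigation.
    """
    networks = load_blocklist(entries)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        net = match_blocklist(rec["dst"], networks)
        if net is not None:
            hits.append((rec["ts"], rec["src"], str(rec["dst"]), rec["port"], str(net)))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print("blocklist hit:", hit)
```

Running it on the constructed lines reports three hits and silently skips the unparseable line. Matching by CIDR containment rather than exact string comparison is what lets a single range entry cover a whole hosting block; because botnet infrastructure rotates quickly, the blocklist needs to be refreshed from the researchers’ published lists rather than treated as static.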

“If Emotet is truly coming back ‘online’, and it appears that it is, they will likely bring with them a bag of new tricks ready to throw at us,” warns Cofense Labs.

We urge you, in the face of threats like these, to continue building critical layers of security into your business. Use MFA, be wary of downloads, and do routine checks of your systems and computers. Because while the scale of Emotet and its range of uses are alarming, its entry point, via spam, is similar to most other forms of malware.

Photo by Michael Geiger on Unsplash