The Emotet malware has made a comeback and has been seen in a widespread malspam campaign that drops malware payloads on targeted networks. Since the beginning of November, security researchers have detected hundreds of thousands of spam emails sent daily, indicating a surge in the activity Emotet uses to deliver malware.
Late last year, Emotet’s operators launched a revival campaign after authorities had dismantled its infrastructure in January 2021. Emotet, dubbed the “world’s most dangerous malware,” had functioned as a gateway for cybersecurity threats against computer systems, Europol stated.
One of the malware’s luring techniques is email thread hijacking, which leads to the deployment of payloads on the victims’ machines that then facilitate ransomware and data theft.
The new Emotet malspam campaign targeted the US, the UK, Italy, Japan, Spain, Germany, Brazil, France, and Mexico.
Since last July, a low volume of Emotet infections had already been detected. However, security researchers became alarmed by the malware’s more active malicious operations in the first couple of weeks of October, indicating an upcoming new wave of attacks.
After Microsoft announced that macros would be disabled by default in MS Office documents downloaded from the internet, numerous malware operators, including Emotet’s, moved away from using them in attacks and turned to other delivery methods, such as LNK and ISO files.
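The two lures the article describes, reply-chain (thread) hijacking and ISO/LNK attachments used in place of macro-enabled Office documents, can be scored at a mail gateway. The following is an added example written for this page, not code from the article or from any vendor; the messages are constructed samples, and the threading-header heuristic (a "Re:" subject with no In-Reply-To or References header) is an assumption of this example, not a finding reported above.

```python
"""Score inbound mail for the two Emotet lures described in the article:
thread hijacking and ISO/LNK attachments. Added example; constructed
sample messages, not real Emotet samples."""
import email
import os
from email import policy
from email.message import EmailMessage

# Delivery containers the article names as replacements for macro documents.
RISKY_EXTENSIONS = {".iso", ".lnk"}
# Subject prefixes that present a message as part of an existing thread.
REPLY_PREFIXES = ("re:", "fw:", "fwd:", "aw:")


def parse(raw: bytes) -> EmailMessage:
    """Parse raw RFC 5322 bytes with the modern email policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def risky_attachments(msg: EmailMessage) -> list[str]:
    """Return attachment filenames whose extension is in RISKY_EXTENSIONS."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            names.append(name)
    return names


def looks_like_hijacked_thread(msg: EmailMessage) -> bool:
    """Heuristic (an assumption of this example): a message that claims to be
    a reply but carries no threading headers was not generated by a client
    replying inside the conversation it pretends to continue."""
    subject = (msg.get("Subject") or "").strip().lower()
    is_reply = subject.startswith(REPLY_PREFIXES)
    has_thread_headers = bool(msg.get("In-Reply-To") or msg.get("References"))
    return is_reply and not has_thread_headers


def assess(raw: bytes) -> dict:
    """Combine both signals into a verdict: both lures together -> quarantine,
    one lure -> hold for review, none -> deliver."""
    msg = parse(raw)
    findings = []
    bad = risky_attachments(msg)
    if bad:
        findings.append("risky attachment(s): " + ", ".join(bad))
    if looks_like_hijacked_thread(msg):
        findings.append("reply subject without In-Reply-To/References")
    if len(findings) == 2:
        verdict = "quarantine"
    elif findings:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"subject": str(msg.get("Subject")), "findings": findings, "verdict": verdict}


def build_sample(subject: str, attach_name: str, attach_bytes: bytes, threaded: bool) -> bytes:
    """Construct a sample message (constructed addresses, not real ones)."""
    msg = EmailMessage()
    msg["From"] = "partner@example.net"
    msg["To"] = "finance@example.com"
    msg["Subject"] = subject
    if threaded:
        msg["In-Reply-To"] = "<original-1@example.com>"
    msg.set_content("Please see the attached document from our last exchange.")
    msg.add_attachment(attach_bytes, maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()


# Constructed samples: a hijacked-looking reply with an ISO, a genuine reply
# with a PDF, and a fresh (non-reply) message carrying an LNK shortcut.
SAMPLES = {
    "hijack_iso": build_sample("Re: Invoice 4471", "Invoice_4471.iso", b"\x00" * 16, threaded=False),
    "real_reply_pdf": build_sample("Re: Invoice 4471", "Invoice_4471.pdf", b"%PDF-1.4", threaded=True),
    "fresh_lnk": build_sample("Shipping details", "details.lnk", b"L\x00\x00\x00", threaded=False),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, assess(raw))
```

The verdict tiers are deliberately conservative: an ISO or LNK attachment on its own is common enough in legitimate mail that it is held rather than dropped, while the combination of a forged reply and a risky container is the pattern the article attributes to Emotet and is quarantined outright.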
Emotet’s operators have also upgraded the malware, incorporating new commands and packer updates that are believed to resist reverse engineering.
In the recently observed malspam campaign, Emotet distributed a new variant of the IcedID loader that can receive commands from an attacker-controlled remote server to read and send malicious file contents. Once the IcedID loader is deployed, security experts said it could also deliver follow-up ransomware to the compromised computers.
The Bumblebee loader is another payload the malware has deployed in recent campaigns. Since 2021, Emotet had not delivered any payload variant other than Cobalt Strike.