Emotet Returns with Updated Modules and New Campaign

Silviu STAHIE

December 31, 2020

The Emotet malware is back after a hiatus of a couple of months, according to new research. The malware is now using updated payloads the operators implemented to avoid detection.

Emotet operators seem to attack in waves, with periods of inactivity in which developers improve and update the malware. Security researchers discovered that Emotet is active again after a two-month break, and emails stemming from the Emotet botnet have started flowing once more.

The scope of the malware campaign is vast, with infected emails sent in various languages depending on the country, or using different themes, depending on holidays and other significant events. But the main difference is how the malware tells users to enable macros, an essential step in the infection process.

“The document still contains malicious macro code to install Emotet, and still claims to be a ‘protected’ document that requires users to enable macros in order to open it,” say the Cofense researchers.

“The old version would not give any visible response after macros were enabled, which may make the victim suspicious. The new version creates a dialog box saying that ‘Word experienced an error trying to open the file.’ This gives the user an explanation why they don’t see the expected content, and makes it more likely that they will ignore the entire incident while Emotet runs in the background.”

The malware comes with a few updates of its own. The software comes in the form of a DLL initialized by Windows’ rundll32.exe. The communication with the command and control center is also more difficult to detect after the operators switched from plain text to binary.
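For defenders, the chain described above (a Word macro document that ends in a DLL run by rundll32.exe) can be hunted in process-creation telemetry by walking each rundll32.exe process back to its ancestors. This is an added example, not code from the article or from the Cofense research; the event field names, PIDs, file paths and the intermediate cmd.exe step are constructed assumptions.

```python
import ntpath

# Constructed process-creation events (not real telemetry). Field names are
# assumptions; map them to whatever your EDR or Sysmon pipeline emits.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE "C:\Users\a\Downloads\invoice.doc"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c <constructed>"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\a\AppData\Local\Temp\sample.dll,Entry"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32.exe printui.dll,PrintUIEntry /?"},
]

# Only Word is named on the page; extend this set for other Office hosts.
OFFICE_PARENTS = {"winword.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def ancestors(pid, by_pid):
    """Yield parent events up the tree, stopping on unknown parents or loops."""
    seen = set()
    event = by_pid.get(pid)
    while event and event["ppid"] in by_pid and event["ppid"] not in seen:
        seen.add(event["ppid"])
        event = by_pid[event["ppid"]]
        yield event


def find_office_rundll32(events):
    """Return (rundll32 pid, Office ancestor pid, command line) for each hit."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if exe_name(e["image"]) != "rundll32.exe":
            continue
        office = next((a for a in ancestors(e["pid"], by_pid)
                       if exe_name(a["image"]) in OFFICE_PARENTS), None)
        if office is not None:
            hits.append((e["pid"], office["pid"], e["cmd"]))
    return hits


if __name__ == "__main__":
    for hit in find_office_rundll32(EVENTS):
        print("rundll32 pid %d descends from Office pid %d: %s" % hit)
```

On real telemetry, key the lookup on a process GUID or on PID plus start time, since Windows reuses PIDs.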

The new Emotet update makes it clear that the malware is here to stay, and that operators will likely keep it up to date to fool as many people as possible and continue to try to trick security solutions.
