Emotet is Back and Possibly Poised to Fuel Major Ransomware Operations
DHS plan aims to boost CISA's cybersecurity workforce, Moses Staff's motivations are purely political, Newly discovered flaws could crash Zoom, Ransomware hits Turkey's top food delivery site, more
Despite an international operation that took over the notorious cybercrime Emotet infrastructure in January, and following a German law enforcement action that erased Emotet malware from infected devices in April, researchers from Cryptolaemus, GData, and Advanced Intel have begun to see the TrickBot malware dropping a loader for Emotet on infected devices.
The researchers say that the threat actors behind this revival are now using a method dubbed "Operation Reacharound" to rebuild the Emotet botnet using TrickBot's existing infrastructure. Although Emotet used spam campaigns in the past, there are no signs of spamming activity now, nor are any malicious documents dropping the malware. These changes are likely because the Emotet infrastructure is being rebuilt from scratch and because new reply-chain emails, stolen from victims, are being collected for use in future spam campaigns.
"It is an early sign of the possible impending Emotet malware activity fueling major ransomware operations globally given the shortage of the com…