Malware, Email security

Emotet malware operation reemerges from hiatus

Share

BleepingComputer reports that the Emotet malware operation has launched new email campaigns spamming email addresses around the world, indicating the botnet's reemergence following a nearly five-month hiatus. Stolen email reply chains have been leveraged by Emotet in the latest email campaign to facilitate malicious Excel attachment distribution, according to Proofpoint threat researcher and Cryptolaemus member Tommy Madjar. Examination of samples in VirusTotal revealed Emotet's use of various attachments purporting to be invoices, electronic forms, and scans in different languages. Emotet has also leveraged a novel Excel attachment template that could facilitate Microsoft Protected View evasion. While files downloaded from the internet would typically prompt the inclusion of the Mark-of-the-Web flag to enable the file to be opened in Protected View, the new Emotet attachment orders recipients to place a copy of the file in the "Templates" folder in an effort to bypass Protected View. However, Madjar noted that no additional malware payloads have been deployed so far as part of the latest Emotet campaign.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.