Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware


The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021.

According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by TrickBot. The latest variant takes the form of a DLL file, with the first occurrence of the deployment detected on November 14.


Europol dubbed Emotet the “world’s most dangerous malware” for its ability to act as a “door opener” for threat actors to obtain unauthorized access, making it a precursor to many critical data theft and ransomware attacks. Notably, the loader operation enabled other malware families such as TrickBot, QakBot, and Ryuk to enter a machine.

The resurfacing is also significant not least because it follows concerted efforts on the part of law enforcement to automatically uninstall the malware en masse from the compromised computers in April.


As of writing, the malware tracking research project Abuse.ch’s Feodo Tracker lists nine Emotet command-and-control servers that are currently online.

Samples of the new Emotet loader can be accessed here. To prevent devices from being co-opted into the newly active Emotet botnet, network administrators are strongly recommended to block all the relevant IP addresses.
