Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021.

According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former. The latest variant takes the form of a DLL file, with the first occurrence of the deployment being detected on November 14.

Europol dubbed Emotet the “world’s most dangerous malware” for its ability to act as a “door opener” that gives threat actors unauthorized access, making it a precursor to many critical data theft and ransomware attacks. Notably, the loader operation enabled other malware families such as TrickBot, QakBot, and Ryuk to enter a machine.

The resurfacing is also significant not least because it follows concerted efforts on the part of law enforcement to automatically uninstall the malware en masse from compromised computers in April.

As of writing, Feodo Tracker, run by the malware tracking research project Abuse.ch, lists nine Emotet command-and-control servers that are currently online.

Samples of the new Emotet loader can be accessed here. To prevent devices from being co-opted into the newly active Emotet botnet, network administrators are strongly advised to block all the relevant IP addresses.
