Emotet Makes a Comeback

The popular Trojan has re-emerged on the scene several months after the botnet infrastructure behind it was disrupted by law enforcement.

The once-pervasive malware tool Emotet has risen from the ashes months after international law enforcement agencies coordinated a takedown of its botnet infrastructure.

Multiple security vendor research teams have spotted the Trojan in the wild, and it appears to be reconstructing its infrastructure with the help of the TrickBot botnet, which is helping transport the malware. Emotet had long been a key weapon in ransomware and data-theft cybercrime. Experts had predicted that it might have been down, but it wasn’t out.

Emotet still arrives via rigged Office or ZIP files, often with other malware that establishes the command-and-control conduit to the attacker.

“Emotet is currently being distributed via TrickBot, which we associate with the eCrime adversary group: WIZARD SPIDER. As we suspected, the dismantling of the Emotet network by Europol in January 2021 only had a temporary effect,” Adam Meyers, senior vice president of CrowdStrike, said in a statement. “WIZARD SPIDER is a sophisticated eCrime group whose arsenal also includes malware such as Ryuk, Conti, and Cobalt Strike. The takeover of Emotet by WIZARD SPIDER impressively shows how resilient the eCrime milieu has become by now.”

reference – Darkreading