Emotet malware is back and rebuilding its botnet via TrickBot

Share on linkedin
Share on facebook
Share on twitter

The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute the malware.

Emotet would then use infected devices to perform other spam campaigns and install other payloads, such as the QakBot and Trickbot malware.

Today, researchers from Cryptolaemus, GData, and Advanced Intel have begun to see the TrickBot malware dropping a loader for Emotet on infected devices.

While in the past, Emotet installed TrickBot, the threat actors are now using a method dubbed “Operation Reacharound” to rebuild the Emotet botnet using TrickBot’s existing infrastructure.

Emotet expert and Cryptolaemus researcher Joseph Roosen told BleepingComputer that they had not seen any signs of the Emotet botnet performing spamming activity or found any malicious documents dropping the malware.

Advanced Intel’s Vitali Kremez has also analyzed the new Emotet dropper and warned that the rebirth of the malware botnet would likely lead to a surge in ransomware infections.

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency...
Read The Article

Emotet now spreads via fake Adobe Windows App Installer packages

The Emotet malware is now distributed through malicious Windows App Installer packages that...
Read The Article

Critical Wormable Security Flaw Found in Several HP Printer Models

Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.
This site is registered on wpml.org as a development site.