This notorious malware has returned after months away
Emotet has returned after five months of inactivity
Following five months of inactivity, the Emotet malware has returned according to security researchers from Proofpoint who have observed its comeback in the wild.
First discovered back in 2014, Emotet was originally used to commit banking fraud and for years the malware was widely classified as a banking Trojan. However, later versions of the malware stopped loading their own banking module and began using third-party banking malware instead.
In May of last year, Proofpoint researchers observed Emotet delivering third-party payloads including Qbot, The Trick, IcedID and Gootkit. The malware also now loads modules for spamming, credential stealing, email harvesting and spreading via local networks.
- We've put together a list of the best malware removal software
- Recover your PC after an attack with the best rescue disk
- Also check out our roundup of the best cloud antivirus
Return of Emotet
Proofpoint researchers have observed almost a quarter of a million Emotet messages sent on July 17 and unfortunately this number continues to grow.
TA542 is the threat actor responsible for sending these messages and it appears the group is targeting multiple verticals in the US and UK with English language lures. The messages it has sent out contain malicious Microsoft Word attachments or URLs that link to Word documents and many of these URLs often point to compromised WordPress hosts.
These lures are similar to those sent out in January of this year and they are simple with minimal customization. The messages have subject lines like”RE:” or “Invoice #” followed by a fake invoice number and often include the name of the organization being targeted as well.
Just as other malicious attachments do, the ones sent in TA542's messages request that users enable macros. Once this done though, the Emotet malware is downloaded and installed on the targeted user or organization's systems. The malware then downloads and installs additional modules which it uses to steal credentials, harvest emails and spread across local networks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Now that Emotet has reared its ugly head once again, organizations and individuals should be extra cautious when checking their email and avoid opening any attachments from unknown senders.
- Keep your devices protected online with the best antivirus software
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.