Botnet Emotet is back


Hackers spread the malware using the TrickBot botnet. According to researchers, there are indications that the people behind it are again trying to set up their own Emotet botnet.

Emotet, once referred to as “the most dangerous malware in the world”, is apparently back – and is being installed on Windows systems that are infected with the TrickBot malware. The botnet had been taken down at the beginning of the year as part of an international police operation.

The Emotet malware gives its backers access to compromised computers that are rented to other groups, including ransomware gangs, to use for their own campaigns. Emotet also uses the infected systems to send automated phishing emails in order to enlarge the botnet.

But now researchers from several cybersecurity companies are warning that Emotet has returned. “We observed on several of our TrickBot trackers that the bot tried to download a DLL onto the system. After internal processing, these DLLs were identified as Emotet. However, since the botnet was switched off at the beginning of the year, we were suspicious and carried out an initial manual check,” writes Luca Ebach, security researcher at G Data, in a blog post. “We are currently very confident that the samples are actually a reincarnation of the infamous Emotet.”

Currently, Emotet is not attempting to spread itself further, instead relying on TrickBot to deliver new infections. Even so, the activity suggests that the people behind Emotet are trying to revive the botnet. “The relationship between this new variant and the old Emotet shows code and technology overlaps,” James Shank, senior security evangelist at Team Cymru, told Pentest7.com. His security company helped break up Emotet in January.
