- Emotet, the infamous banking trojan has emerged again in the radar after a dip in its activity.
- The latest version of Emotet can bypass spam filters in email services allowing attackers to send more emails.
Widely distributed banking malware Emotet is back with a new face. This time, it packs a new feature that evades spam filters. It spreads itself with different genuine-looking email addresses.
Furthermore, newer mails have Microsoft Word attachments with embedded macros that downloads Emotet.
Dual Campaigns
Cisco Talos, which tracked Emotet’s recent activities gives an account of the malware’s campaigns in its blog. According to the post, the campaigns are segregated into two different types as usual, except the second type relies on a URL to download the software.
“These campaigns are no exception — we have seen various subject lines focusing primarily around invoices and package deliveries. The emails also use different languages, » stated the blog.
« Once a user opens the email message and opens the attachment or clicks the link, malware is downloaded to the system using either code embedded in the attachment or directly from the website in the case of URL-based emails,” the researchers further explained.
No activity in Russia
Another source shows that Emotet has altogether avoided Russia and has no command-and-control servers in the region. This indicates that the attackers are likely not based in Russia.
Altogether, despite its widespread presence, Emotet is continuing to evolve and is deployed mostly to steal monetary information.
Source:https://cyware.com/news/banking-trojan-emotet-is-back-in-a-new-form-20fead7d