Banking trojan Emotet is back in a new form

cyber
  • Emotet, the infamous banking trojan has emerged again in the radar after a dip in its activity.
  • The latest version of Emotet can bypass spam filters in email services allowing attackers to send more emails.

Widely distributed banking malware Emotet is back with a new face. This time, it packs a new feature that evades spam filters. It spreads itself with different genuine-looking email addresses.

Furthermore, newer mails have Microsoft Word attachments with embedded macros that downloads Emotet.

Dual Campaigns

Cisco Talos, which tracked Emotet’s recent activities gives an account of the malware’s campaigns in its blog. According to the post, the campaigns are segregated into two different types as usual, except the second type relies on a URL to download the software.

“These campaigns are no exception — we have seen various subject lines focusing primarily around invoices and package deliveries. The emails also use different languages,” stated the blog.

“Once a user opens the email message and opens the attachment or clicks the link, malware is downloaded to the system using either code embedded in the attachment or directly from the website in the case of URL-based emails,” the researchers further explained.

No activity in Russia

Another source shows that Emotet has altogether avoided Russia and has no command-and-control servers in the region. This indicates that the attackers are likely not based in Russia.

Altogether, despite its widespread presence, Emotet is continuing to evolve and is deployed mostly to steal monetary information.

Source:https://cyware.com/news/banking-trojan-emotet-is-back-in-a-new-form-20fead7d

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Next Post

PHP PEAR official site hacked, tainted package manager distributed for 6 months

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. Bad news for users that have downloaded the PHP PEAR package manager from the official website in the past 6 months because hackers have replaced it with a […]