Emotet is back spamming after months of inactivity and currently using stolen emails to reply to existing email threads with malspam.
One of today’s largest and most dangerous malware botnets has returned, after having been silent for four months. During that time, the botnet’s command, and control (C&C) Servers were shut down and Emotet stopped sending out commands to infected bots, and new email campaigns to infect new victims.
According to Malwarebytes, Emotet started pumping out spam with phishing emails sent in German, Polish and Italian. Users who receive these emails are then tricked into opening an attached document enabling macros, triggering a command exposing themselves to becoming infected with the Emotet malware. Once infected, computers are added to the Emotet botnet. The Emotet malware on infected machines acts as a downloader for other threats.
Unfortunately, compromised machines can often lay dormant until operators decide to pass the job to other criminal groups who will then try to extort large sums of money from their victims. Emotet was originally a banking trojan that was re-written to function as a malware loader.
Emotet is known to extract passwords from local apps, spreading to other computers on the same network, often stealing email threads for use later.
If you are unsure whether an email is legitimate or not, never click on to hyperlinks or open attachments. Our advice DELETE the email.
Give us a call 0330 2020 340 to discuss how we can help protect you and your business.
www.amshire.co.uk solutions@amshire.co.uk @amshire