BleepingComputer reports that the Emotet malware operation has launched new email campaigns spamming email addresses around the world, indicating the botnet's reemergence following a nearly five-month hiatus.
Emotet is using stolen email reply chains in the latest campaign to distribute malicious Excel attachments, according to Proofpoint threat researcher and Cryptolaemus member Tommy Madjar.
Examination of samples in VirusTotal revealed Emotet's use of various attachments purporting to be invoices, electronic forms, and scans in different languages. Emotet has also leveraged a novel Excel attachment template that could facilitate Microsoft Protected View evasion. Files downloaded from the internet typically carry the Mark-of-the-Web flag, which causes them to be opened in Protected View; the new Emotet attachment instructs recipients to place a copy of the file in the "Templates" folder in an effort to bypass Protected View.
However, Madjar noted that no additional malware payloads have been deployed so far as part of the latest Emotet campaign.
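For defenders, one way to hunt for this behavior is to look for spreadsheets that land in a folder named "Templates" while still carrying an internet-zone Mark-of-the-Web. The sketch below is an added example, not taken from the report or from any vendor tooling; the event field names (`path`, `zone_identifier`) and all sample paths are constructed, and it assumes the file's `Zone.Identifier` stream was collected alongside the file-creation event.

```python
import configparser
from pathlib import PureWindowsPath

SPREADSHEET_EXTS = {".xls", ".xlsx", ".xlsm", ".xlsb"}

def zone_id(stream_text):
    """Parse the text of a Zone.Identifier stream; return ZoneId or None."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # missing section/key or non-numeric value

def in_templates_dir(path):
    """True if any parent directory of the file is named 'Templates'."""
    parents = PureWindowsPath(path).parts[:-1]
    return any(part.lower() == "templates" for part in parents)

def triage(events):
    """Return (path, zone_id, severity) for spreadsheets written under Templates."""
    findings = []
    for ev in events:
        path = ev["path"]
        if PureWindowsPath(path).suffix.lower() not in SPREADSHEET_EXTS:
            continue
        if not in_templates_dir(path):
            continue
        zid = zone_id(ev.get("zone_identifier"))
        # ZoneId 3 (Internet) or 4 (Restricted): downloaded file moved to Templates
        severity = "high" if zid is not None and zid >= 3 else "review"
        findings.append((path, zid, severity))
    return findings

# Constructed sample events (hypothetical paths, not from the report)
MOTW_INTERNET = "[ZoneTransfer]\nZoneId=3\n"
SAMPLE_EVENTS = [
    {"path": r"C:\Users\demo\Downloads\invoice.xls", "zone_identifier": MOTW_INTERNET},
    {"path": r"C:\Example\Office\Templates\invoice.xls", "zone_identifier": MOTW_INTERNET},
    {"path": r"C:\Example\Office\Templates\budget.xlsx", "zone_identifier": None},
    {"path": r"C:\Example\Office\Templates\readme.txt", "zone_identifier": MOTW_INTERNET},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A spreadsheet in Templates without a readable stream is only marked for review, since templates legitimately installed there would look the same.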
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.