Emotet malware’s continuous evolution examined

Emotet malware operators have continuously changed their techniques and command-and-control infrastructure in a bid to bypass detection, reports The Hacker News. Initially conceived as a banking trojan in 2014, Emotet evolved into an all-purpose loader two years later, and while the botnet's infrastructure was dismantled in January 2021, it was resurrected with the help of the TrickBot malware operated by the now-defunct Conti group. A report from VMware revealed that three different techniques were used in attacks deploying Emotet in January, with some of the infection pathways involving abuse of the mshta.exe executable in a confused deputy attack. Meanwhile, Excel documents were found to have dropped 26.7% of almost 25,000 unique Emotet DLL artifacts. Since its reemergence, Emotet has also operated the new botnet clusters Epoch 4 and Epoch 5, with Epoch 5 C2 servers reused by 10,235 Emotet payloads between March 15 and June 18. Researchers also found that the malware has delivered two new plugins.
