Emotet malware operators have continuously changed their techniques and command-and-control infrastructure in a bid to evade detection, The Hacker News reports.
Initially conceived as a banking trojan in 2014, Emotet evolved into an all-purpose loader two years later. Its infrastructure was dismantled in January 2021, but the botnet was resurrected with help from the TrickBot malware operated by the now-defunct Conti group. A VMware report found three different infection techniques in attacks deploying Emotet in January, with some infection chains abusing the mshta.exe executable, a living-off-the-land binary, in a confused deputy attack. Meanwhile, Excel documents were found to have dropped 26.7% of almost 25,000 unique Emotet DLL artifacts. Since its reemergence Emotet has also operated new botnet clusters, Epochs 4 and 5, with Epoch 5 C2 servers reused by 10,235 Emotet payloads from March 15 to June 18. Researchers also found that the malware has delivered two new plugins.
Numerous web browsers and cryptocurrency wallets on Windows systems are being targeted by the new Bandit Stealer information-stealing malware, which can also evade Windows Defender and could be used to facilitate data breaches, account takeovers, identity theft, and credential stuffing attacks, reports The Record, the news site of cybersecurity firm Recorded Future.
More threat actors have been leveraging AceCryptor, a crypter used to pack and obfuscate other malware, to facilitate malware distribution, with more than 240,000 detections recorded from 2021 to 2022, The Hacker News reports.
BleepingComputer reports that recent phishing attacks by the QBot malware operation, also known as Qakbot, have involved the exploitation of a DLL hijacking flaw in the Windows 10 WordPad executable "write.exe."