Emotet reawakens from three-month slumber

BleepingComputer reports that the Emotet malware operation has resumed malspam activity after a three-month hiatus, according to researchers at Cofense and Cryptolaemus. The new run uses Red Dawn document templates inflated to more than 500MB, along with a "septet of payload URLs and ugly macros," and has been going out since Tuesday morning, Cryptolaemus said in a tweet. Cofense, meanwhile, observed low volumes of Emotet email since 7 a.m. Eastern, consistent with an operation that is still rebuilding its infrastructure and harvesting credentials. Rather than hijacking existing reply chains, the new campaign sends emails posing as invoices, with ZIP archive attachments holding Word documents padded out to more than 500MB, according to Cofense's report. The documents carry macros that, if enabled, download Emotet onto the system, but Microsoft's recent change to block VBA macros by default in Office documents downloaded from the internet (those carrying the Mark of the Web) could limit the campaign's success.
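An attachment-triage check for the pattern described above, added here as an illustration; it is not code from SC Media, BleepingComputer, Cofense or Cryptolaemus, and it works on a constructed sample rather than a real Emotet document. It assumes the usual reading of the inflation trick (a document padded with repeated bytes to push it past scanner size limits), so it flags ZIP members that are both oversized and implausibly compressible, and it adds a crude macro indicator: the `word/vbaProject.bin` part for OOXML files, and the UTF-16LE string "Macros" (the name of the OLE storage that holds a VBA project) for binary .doc files. The filename, the null-byte padding and the thresholds are assumptions for the demo; a real OLE parser such as oletools' olevba should be used for actual macro analysis.

```python
"""Triage a ZIP e-mail attachment for an inflated, macro-bearing Word document.
Added example: constructed sample data, heuristic thresholds, not a parser."""
from __future__ import annotations

import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of a binary .doc (OLE2 compound file)
# OLE directory entry names are UTF-16LE; a VBA project in a .doc lives under a
# storage named "Macros". Substring search is a crude indicator, not a parser.
MACROS_MARKER = "Macros".encode("utf-16-le")
OOXML_VBA_PART = "word/vbaProject.bin"

# Demo thresholds (assumed): the reported campaign used >500MB documents; the
# ratio threshold catches members that are mostly repeated bytes, i.e. padding.
SIZE_THRESHOLD = 4 * 1024 * 1024
RATIO_THRESHOLD = 100.0
WORD_EXTENSIONS = (".doc", ".docx", ".docm", ".dotm")


def build_sample_attachment(pad_bytes: int = 8 * 1024 * 1024) -> bytes:
    """Constructed sample (not real malware): a ZIP holding an OLE-looking .doc
    that contains a 'Macros' storage name and null-byte padding, plus a benign
    text file for comparison. Filenames and padding are assumptions."""
    doc = OLE_MAGIC + b"\x00" * 504 + MACROS_MARKER + b"\x00" * pad_bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Invoice_2023-03.doc", doc)
        z.writestr("readme.txt", b"Please find the invoice attached.\n")
    return buf.getvalue()


def scan_member(archive: zipfile.ZipFile, info: zipfile.ZipInfo) -> dict:
    """Stream one ZIP member and collect size, compression ratio and macro indicators."""
    result = {
        "name": info.filename,
        "size": info.file_size,
        # uncompressed/compressed: padding of repeated bytes gives a very high ratio
        "ratio": round(info.file_size / max(info.compress_size, 1), 1),
        "is_ole": False,
        "has_macro_indicator": False,
    }
    # OOXML documents are ZIP containers themselves: look for the VBA part by name.
    if info.filename.lower().endswith((".docx", ".docm", ".dotm")):
        with archive.open(info) as f:
            try:
                with zipfile.ZipFile(io.BytesIO(f.read())) as inner:
                    result["has_macro_indicator"] = OOXML_VBA_PART in inner.namelist()
            except zipfile.BadZipFile:
                pass
        return result
    # Binary formats: stream in chunks so a multi-hundred-MB member is not held in memory;
    # 'carry' keeps the tail of the previous chunk so a marker split across chunks is found.
    carry = b""
    with archive.open(info) as f:
        first = True
        while True:
            chunk = f.read(1024 * 1024)
            if not chunk:
                break
            if first:
                result["is_ole"] = chunk.startswith(OLE_MAGIC)
                first = False
            if MACROS_MARKER in carry + chunk:
                result["has_macro_indicator"] = True
            carry = chunk[-(len(MACROS_MARKER) - 1):]
    return result


def triage_attachment(zip_bytes: bytes) -> list[dict]:
    """Return one finding per member; 'suspicious' when a Word document is either
    inflated (oversized and padding-like) or carries a macro indicator."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            r = scan_member(z, info)
            is_word = r["is_ole"] or info.filename.lower().endswith(WORD_EXTENSIONS)
            r["inflated"] = r["size"] >= SIZE_THRESHOLD and r["ratio"] >= RATIO_THRESHOLD
            r["suspicious"] = is_word and (r["inflated"] or r["has_macro_indicator"])
            findings.append(r)
    return findings


if __name__ == "__main__":
    for finding in triage_attachment(build_sample_attachment()):
        print(finding)
```

The compression ratio is the cheap signal: it comes straight from the ZIP central directory, so an oversized member can be flagged before anything is decompressed. The macro heuristic is deliberately weak and exists only to show where a real check would plug in; a binary .doc whose VBA storage is obfuscated or whose directory entries are split across sectors can defeat a plain substring search.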