Security researchers are seeing signs that the Emotet banking trojan is about to awaken from its latest hiatus by deploying newly improved credential and email stealing modules.

Emotet last came to life in January 2020 but analysts with the Herjavec Group believe the new modules are being placed as a first step toward the launch of a new phishing campaign. If and when this is released targets will find themselves battling its anti-malware evasion and a hashbusting implementation which makes it more dangerous compared to previous versions. Hashbusting ensures that the malware will have a different hash on each system it infects, rendering hash-based detections useless.

Some of the technical changes incorporated include reworked malware code to incorporate the use of a state machine to obfuscate the control flow and branches of code being flattened into nested loops, which enables the code blocks to be in any order and operationally execute in order by the state machine.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.