Geeks for your information

Full Version: Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot
Quote: Emotet has returned after a five-month hiatus. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday.
 
The malware first emerged in 2014, but has since then evolved into a full-fledged botnet that’s designed to steal account credentials and download further malware – in this most recent case, banking trojans such as TrickBot and QakBot.
 
After its return last week, the botnet has sent more than 250,000 messages throughout the day to email recipients in the U.S., United Kingdom, Argentina, Brazil, Canada, Chile, Ecuador and Mexico, according to reports.
 
“The new campaign sports longtime Emotet tactics: emails carrying links or documents w/ highly obfuscated malicious macros that run a PowerShell script to download the payload from 5 download links,” according to Microsoft Security Intelligence researchers on Twitter.

The spam emails contain either a URL or an attachment, and purport to be sending a document in reply to existing email threads – a known trick of Emotet.

Read more: https://threatpost.com/emotet-returns-in...ot/157604/