Emotet is Back and Spamming Again

[silversurfer]

A notorious botnet has begun sending out spam again after a several month hiatus, which could spend bad news for organizations around the world.
 
Emotet has been dormant for around four months, but starting pumping out spam on Monday morning, with phishing emails sent in German, Polish, English and Italian, according to Malwarebytes.
The firm said that an uptick in command-and-control (C2) server activity forewarned it of a return to the front line for the infamous botnet.
 
In this new campaign, users are tricked into opening an attached document and enabling macros, triggering a PowerShell command which will try to download Emotet from compromised sites, often those running WordPress.
 
“Once installed on the endpoint, Emotet attempts to spread laterally, in addition to stealing passwords from installed applications. Perhaps the biggest threat, though, is that Emotet serves as a delivery vector for more dangerous payloads, such as ransomware,” warned Malwarebytes.

Read more here: https://www.infosecurity-magazine.com/ne...ing-again/

[silversurfer]

Emotet Tries to Infect You By Claiming It's Snowden's Book

Emotet has started a new spam campaign that pretends to be a scanned copy of Edward Snowden's new book. Unsuspecting users who open the attachment and enable its content will find that they have become infected with Emotet, most likely Trickbot, and possibly other malware.

Read more here: https://www.bleepingcomputer.com/news/se...dens-book/