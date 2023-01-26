Emotet is a malware family that has been discussed a great deal in computer security circles in recent years, particularly in 2021; although in 2022 it seemed to have disappeared once again, it now appears unwilling to leave the scene.

The operators of this malware have continued to refine its tactics in an effort to keep it undetected, while also using it as a conduit for other dangerous malware such as Bumblebee and IcedID.

Emotet, which officially resurfaced at the end of 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a very persistent threat, distributed via phishing emails.

Emotet, who’s behind it?

Attributed to the cybercriminal group tracked as TA542 (also known as Gold Crestwood or Mummy Spider), the malware itself has evolved from a banking trojan into a malware distributor since it first appeared in 2014.

The malware-as-a-service (MaaS) is also modular, and is capable of loading a number of proprietary and freeware components that can siphon sensitive information from compromised machines and perform other tasks beyond those already documented.

The two latest additions to Emotet’s module “armaments” include an SMB spreader designed to facilitate lateral movement using a decrypted list of usernames and passwords, as well as a module that steals credit card data; of note, the latter mainly targets the Google Chrome web browser.

Recent campaigns involving this botnet have used generic lures with infected attachments to initiate the attack chain; however, with macros becoming an outdated method of payload delivery and initial infection, the attacks have shifted to other methods of getting Emotet past malware detection tools.

“With the latest wave of spam emails from Emotet, attached .XLS files have a new method to trick users into allowing macros to download the dropper,” BlackBerry revealed in a report released last week. “Other than that, the new Emotet variants have now moved from 32-bit to 64-bit, as another method of evading detection.”

The method involves persuading victims to move the decoy file, such as a Microsoft Excel workbook, into the default Office Templates folder in Windows, a location the operating system treats as trusted, so that the malicious macros embedded in the document run and deliver Emotet’s infected code.
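As an added defender-side check (not part of the original article or of BlackBerry’s report), the following PowerShell audits which folders Excel treats as trusted locations, flags any entry that covers the user’s Templates folder, and lists recently written workbooks found there. It assumes the Office 16.0 registry layout (Office 2016/2019/365); the version string and the seven-day window are assumptions you can adjust.

```powershell
# Added example, not code from the article. Audits Excel's per-user Trusted Locations
# and looks for workbooks recently dropped into the Templates folder, the location the
# article describes Emotet abusing (macros in a trusted location run without a prompt).
$OfficeVersion = '16.0'                                   # assumption: Office 2016/2019/365
$TemplatesDir  = Join-Path $env:APPDATA 'Microsoft\Templates'
$LookbackDays  = 7                                        # assumption: review window

# 1. Enumerate Excel's trusted locations and flag any that cover the Templates folder.
$base = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Excel\Security\Trusted Locations"
if (Test-Path $base) {
    Get-ChildItem $base | ForEach-Object {
        $p        = Get-ItemProperty $_.PSPath
        $expanded = [Environment]::ExpandEnvironmentVariables([string]$p.Path)
        $covers   = $expanded -and
                    $TemplatesDir.StartsWith($expanded.TrimEnd('\'), [StringComparison]::OrdinalIgnoreCase)
        [PSCustomObject]@{
            Location        = $_.PSChildName
            Path            = $expanded
            AllowSubfolders = [bool]$p.AllowSubfolders
            CoversTemplates = [bool]$covers
        }
    } | Format-Table -AutoSize
} else {
    Write-Output "No per-user Trusted Locations key found under $base"
}

# 2. List macro-capable workbooks recently written into the Templates folder. A user
#    dropping an .xls/.xlsm there is exactly the artefact the article describes.
if (Test-Path $TemplatesDir) {
    Get-ChildItem $TemplatesDir -Recurse -Include *.xls, *.xlsm, *.xlsb, *.xlam -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$LookbackDays) } |
        Select-Object FullName, LastWriteTime, Length
}

# 3. Hardening, left commented out because it is normally pushed by Group Policy rather
#    than run ad hoc: AllLocationsDisabled=1 makes Excel ignore every trusted location,
#    so macros in the Templates folder are subject to the normal macro security prompt.
# New-ItemProperty -Path $base -Name AllLocationsDisabled -Value 1 -PropertyType DWord -Force
```

Run it in the context of the user whose mailbox received the lure; the trusted-location keys are per user, so an elevated shell shows the administrator’s settings, not theirs.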

This development therefore confirms Emotet’s continuous attempts to reorganize itself and propagate other malware, such as Bumblebee and IcedID.

“With its constant evolution over the past eight-plus years, Emotet has continued to become more sophisticated in terms of evasion tactics [by detection software]; it added more modules in an attempt to propagate itself further and is now spreading malware via phishing campaigns,” the well-known Canadian cybersecurity company BlackBerry later added.

How do you defend yourself against Emotet and malware in general?

As already hinted at in the previous section, this malware spreads via e-mail in the form of an attachment; so when you receive a strange or suspicious email carrying an attachment that looks legitimate, it may sound trivial, but do not download it.

Unfortunately (or fortunately), the famous hacker “attacks” are mostly a matter of end-user carelessness; I know it’s hard to accept, but since these “attacks” mostly consist of emails that are opened and whose attachments are then accepted, it can technically be said that there is no ransomware attack as such.

The various antivirus and antimalware products can come in handy; however, we will have to wait for the software houses to update their definitions, and until that day: pay attention to your emails!