January 26, 2023

Emotet is back

Emotet is a highly adaptable form of malware that has been around since 2014, when it first surfaced as a banking Trojan. Emotet is often called a malware “Swiss Army Knife” because it gives attackers a number of infection methods and follow-on actions. It is frequently used in mass malicious email campaigns, as well as in highly targeted attacks.

Once a target is infected with Emotet, the malware’s operators may use it to download additional malicious payloads for credential theft, banking fraud, ransomware, and more.

Emotet’s infrastructure has alternately gone silent or been taken down by law enforcement, and then resurrected, over the years. Its resilience lies in its ongoing adaptation and its mix of various tools and programs (including ones such as PowerShell that are built into Windows) along with an ever-changing array of delivery methods, including email messages containing links to malicious URLs or malware-laced documents such as PDFs and spreadsheets.
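The delivery chain described above (a malware-laced document that in turn launches a built-in Windows tool such as PowerShell) leaves a recognizable trace in process-creation telemetry: an Office application as the parent of a scripting host. The following is an added example, not code from the original post or from any vendor, of a small triage filter over such events. It assumes events have already been collected as dictionaries with `ts`, `host`, `parent`, `image` and `cmdline` fields (field names are an assumption), and the sample events are constructed, not real telemetry.

```python
"""Flag Office applications spawning PowerShell or other script hosts.

Added example, not part of the original post. Field names of the event
records are assumptions; SAMPLE_EVENTS below are constructed.
"""
import re

# Office document handlers that malicious PDFs/spreadsheets/documents run inside.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}

# Built-in Windows tools that such documents commonly hand off to.
SUSPECT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# PowerShell accepts unambiguous prefixes of its switches, so match
# -e, -ec, -en, -enc ... -encodedcommand and -w/-win/-windowstyle hidden.
ENCODED_RE = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\b")
HIDDEN_RE = re.compile(r"(?:^|\s)-w[a-z]*\s+hidden\b")

# Constructed sample events (not real telemetry; base64 payload is a placeholder).
SAMPLE_EVENTS = [
    {"ts": "2023-01-26T09:01:12Z", "host": "ws-17",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc AAAA_PLACEHOLDER_BASE64"},
    {"ts": "2023-01-26T09:02:40Z", "host": "ws-17",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe 12288"},          # benign: print spooler helper
    {"ts": "2023-01-26T09:05:03Z", "host": "ws-04",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},  # benign: admin at a prompt
]


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> list[str]:
    """Return the list of reasons an event looks like document-borne execution.

    An empty list means nothing matched. Reasons are independent so an
    analyst can see which indicators fired together.
    """
    reasons = []
    parent = basename(event["parent"])
    child = basename(event["image"])
    cmdline = event["cmdline"].lower()

    if parent in OFFICE_PARENTS and child in SUSPECT_CHILDREN:
        reasons.append(f"office app {parent} spawned {child}")

    if child in {"powershell.exe", "pwsh.exe"}:
        if ENCODED_RE.search(cmdline):
            reasons.append("encoded PowerShell command line")
        if HIDDEN_RE.search(cmdline):
            reasons.append("PowerShell started with a hidden window")
    return reasons


def find_suspicious(events: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Filter events down to (timestamp, host, reasons) for those that matched."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append((event["ts"], event["host"], reasons))
    return hits


if __name__ == "__main__":
    for ts, host, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"{ts} {host}: " + "; ".join(reasons))
```

Only the first constructed event is reported, with all three indicators; the Word-to-spooler and Explorer-to-PowerShell events fall through because neither the parent/child pairing nor the command-line switches match. In practice the parent/child pairing alone is the higher-confidence signal, since the command-line indicators also appear in legitimate administration scripts.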

Read more about the latest tactics used by Emotet in this article from The Hacker News:

Emotet Malware Makes a Comeback with New Evasion Techniques
The Hacker News: New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks (Oct 2022)

Sophos: Emotet malware: “The report of my death was an exaggeration” (Nov 2021)

CISO: Emotet Malware online training

Mitre ATT&CK: Emotet