Emotet malware returns to continue its sophisticated attack campaigns

May 4, 2022

A year after its shutdown, the Emotet malware operation has resurfaced in the threat landscape and resumed its attacks. Security analysts listed the malware as the top malicious tool deployed by its operators, impacting about 10% of firms worldwide in March of this year.

Moreover, the analysts have observed a rapid acceleration of a campaign using spam emails that trick victims into installing the Emotet or Qbot malware, allowing the hackers to infiltrate their devices, steal data, and spread across networks to deploy ransomware. The campaign also aims to spread banking trojans among its victims.

The Qbot malware, on the other hand, is a backdoor associated with Emotet’s developers, capable of accessing and stealing emails.

Experts revealed that over 3,000 malicious emails linked to Emotet were detected in February, with another 30,000 in March. These emails were written in different languages, such as English, Russian, Spanish, French, Polish, and Italian.

The malware operators lure victims into opening emails that carry a malicious link and file by claiming that they contain valuable information or offers that would benefit the recipient.

The Emotet malware showed signs of reemergence after security teams detected that one of the malware’s subgroups had updated its loaders and stealer modules from 32-bit to 64-bit.

Furthermore, experts were surprised at how quickly the malware had put itself back at the top, despite law enforcement agencies coming together to take it down several times in the past. The authorities have also arrested some threat operators at their bases in Ukraine.

In a statement, Europol highlighted that the Emotet campaign had impacted millions of machines and companies worldwide, prompting a massive raid operation that aimed to disrupt its infrastructure and seize its operators.

In an unfortunate turn of events, experts have detected that the notorious malware has been active again since November last year and gained momentum after the Trickbot botnet’s infrastructure was shut down last February. The experts added that Emotet had become the most prevalent malware since its return.
