One of the world’s most infamous trojans and malware droppers, Emotet, is still a favorite among cybercriminals. One of the significant reasons for this popularity is attributed to the malware’s ability to adapt itself to the changing threat landscape.

The global infection list 

  • As per AdvIntel’s observation, the notorious banking trojan registered over 1.2 million infection attempts throughout 2022. 
  • A significant peak in the trojan’s activity occurred between February and March, the time when the conflict between Russia and Ukraine was in the initial stage.
  • Another peak observed between June and July was linked to Emotet’s usage by threat groups that spun off after Conti's exit, including the Quantum and BlackCat ransomware groups.

What’s the significant update?

  • Emotet has been linked to many destructive ransomware infections and associated with malware like TrickBot, Dridex, QakBot, Conti, BitPaymer, and REvil. 
  • Between November 2021 and June 2022, the trojan was used as an exclusive tool to drop Conti ransomware until it was shut down.
  • Later, between June and July, researchers found usage of Emotet alongside Quantum and BlackCat ransomware. 
  • The attackers utilized Emotet to drop the Cobalt Strike beacon, which enabled attackers to further initiate the ransomware operation. 

What else?

In August, the Emotet botnet infected two education entities in Kansas City, along with several organizations in the financial, legal, and manufacturing sectors. One of these was a finance firm in India. 

What does this indicate?

Updates to Emotet over time have significantly increased the threat that it poses. The malware has moved beyond a banking trojan and evolved into an invasive malware loader to spread a wide range of malicious payloads. Due to its consistency and persistence, malware still remains a threat to individuals, companies, municipalities, and governments alike. 
Cyware Publisher