
Emotet Trojan Shows Strong Resurgence as it Reboots Itself

Emotet, one of the most notorious malware operations of all time, has rebooted itself to cause more damage. In January 2021, law enforcement authorities around the world dismantled the trojan's operations by taking down its C2 infrastructure, and that looked like the end of the story. It was not as clean an ending as it seemed: the malware has bounced back in full force and is again infecting systems worldwide.

Emotet trojan returns

  • In November 2021, the Emotet trojan reportedly made a strong comeback, with TrickBot infections being used to redeploy it.
  • Since then, the trojan has matured, adding new functions and modules to target more organizations.
  • According to Black Lotus Labs' telemetry, the trojan has infected approximately 130,000 systems across 179 countries in the last four months.
  • Security experts note that while Emotet's C2 infrastructure was reestablished in November 2021, the surge in attacks was observed from January 2022 onward.
  • The researchers also warned about a new version of the trojan that brings some minor changes in tactics.

About the new version

  • The threat intelligence team noted that the new Emotet uses an elliptic curve cryptography (ECC) scheme to protect and validate its network traffic, so C2 communications cannot be read or forged without the corresponding keys.
  • The new version delivers its process-list module only after a connection with the C2 server has been established, rather than at initial infection.
  • Among the other changes, the malware authors have added more information-gathering capabilities to the trojan.

Additional information

  • Recently, Fortinet's FortiGuard Labs spotted more than 500 Microsoft Excel files involved in a campaign to deliver Emotet onto victims' devices.
  • Each Excel file displayed a fake yellow warning banner that lured victims into clicking the 'Enable Content' button to view the document. Doing so instead executed the malicious macros embedded in the file, which then downloaded and deployed the trojan.
  • In a separate incident, Palo Alto Networks reported an Emotet phishing campaign that leveraged hijacked email conversations (thread hijacking) to target employees, so the malicious reply appeared to come from a known correspondent.
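A practical check that follows from the Excel campaign described above: before an attachment reaches a user who can click 'Enable Content', inspect it for macro carriers. Office Open XML workbooks (.xlsx/.xlsm) are zip containers, and macro content lives in well-known parts: a VBA project at `xl/vbaProject.bin`, or legacy Excel 4.0 (XLM) macro sheets under `xl/macrosheets/`. The following is an added example written for this page, not code from Fortinet, Black Lotus Labs, or the Emotet authors; it uses only the Python standard library and builds its own constructed sample workbooks in memory (minimal zip skeletons, not real Excel files), so it runs offline. The function names `macro_indicators` and `build_workbook` are the example's own.

```python
import io
import zipfile

# Parts inside an Office Open XML container that carry macro code.
VBA_PROJECT = "xl/vbaProject.bin"           # VBA macro project (what 'Enable Content' runs)
XLM_MACROSHEET_PREFIX = "xl/macrosheets/"   # legacy Excel 4.0 (XLM) macro sheets


def macro_indicators(data: bytes) -> dict:
    """Inspect an OOXML workbook held in memory and report which macro carriers it contains.

    Returns a dict with keys:
      ooxml - True if the bytes parsed as a zip container
      vba   - True if a VBA project part is present
      xlm   - True if any Excel 4.0 macro sheet is present
      flag  - True if either macro carrier was found (treat as high-risk attachment)
    """
    result = {"ooxml": False, "vba": False, "xlm": False, "flag": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # Not a zip: likely a legacy OLE2 .xls, which needs an OLE parser instead.
        return result
    result["ooxml"] = True
    result["vba"] = VBA_PROJECT in names
    result["xlm"] = any(
        n.startswith(XLM_MACROSHEET_PREFIX) and n.endswith(".xml") for n in names
    )
    result["flag"] = result["vba"] or result["xlm"]
    return result


def build_workbook(extra_parts: dict) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip with optional extra parts.

    This is only enough structure for the check above; it is not a valid Excel file.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        for name, content in extra_parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed test inputs (not real malware samples).
CLEAN = build_workbook({})
VBA = build_workbook({VBA_PROJECT: b"\xd0\xcf\x11\xe0 constructed placeholder"})
XLM = build_workbook({"xl/macrosheets/sheet1.xml": "<macrosheet/>"})
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16   # OLE2 magic: legacy .xls, not zip


if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("vba", VBA), ("xlm", XLM), ("ole2", OLE2)]:
        print(f"{label:5s} -> {macro_indicators(blob)}")
```

Two caveats a practitioner should keep in mind. First, a `False` from this check is not a clean bill of health: legacy binary `.xls` files store macros in an OLE2 compound document, and a zip-level check cannot see them, so route those to an OLE-aware parser. Second, the presence of a macro carrier is a risk signal, not proof of malice; the useful policy is to quarantine or strip macro-bearing attachments from external senders, which removes the 'Enable Content' decision from the user entirely.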

Conclusion

The growth and spread of the trojan indicate that its operators are actively restructuring and restoring their infrastructure so they can distribute it more effectively. Since Emotet is primarily delivered via malicious email attachments and embedded URLs, organizations are advised to strengthen their defenses against phishing, in particular by blocking or sandboxing macro-enabled Office attachments from external senders and training users not to click 'Enable Content'. Good endpoint monitoring and a sound patch-management process add further layers of protection against such attacks.

Cyware Publisher
