New mysterious Emotet campaign stealing victims’ emails in bulk

  • Experts believe that the new campaign may have escalated Emotet’s capabilities to espionage.
  • The new Emotet variant is capable of infecting even protected systems.

A new troubling Emotet malware campaign was recently detected by security experts. The new malware variant being delivered is capable of stealing victims’ emails in bulk and infecting protected systems. Experts believe that the new campaign may have escalated Emotet’s capabilities to espionage.

The banking trojan has been active since 2014 and has infected thousands of victims across the globe. However, over the last few months, Emotet has been dormant. The new campaign suggests that the malware’s authors may have been working on a new, upgraded version of Emotet.

“While it has recently made headlines for delivering ransomware payloads to United States infrastructure such as Water Utilities, Emotet has laid mostly dormant for the past month,” researchers at Kryptos Logic said in a report. “In the past days, however, the mummy has returned just in time for Halloween as we observed a new module capable of exfiltrating email content back to the botnet’s operators.”

Although Emotet was not considered a major threat when it first emerged, the malware has since been upgraded into a modular malware, and later became capable of installing additional malicious payloads, such as ransomware. As a result, it grew into a major threat, and in July US-CERT issued an alert warning users about the prolific malware.

“The United States is by a wide margin the most affected country, which is consistent with our earlier report on Emotet,” the researchers added. “While Emotet’s operators may have simply moved to server-side extraction, harvesting data en masse provides a weaponized data-driven analytical capability which should not be underestimated, given how effective surgical email leaks have been in the recent past.”

Cyware Publisher