Emotet was once described as “the most dangerous malware in the world“, but in April it hit the operator. Now, however, the pest is back and security researchers sounded the alarm shortly after the first discovery.
It was a huge success for the security authorities: In April it was announced that the control infrastructure behind the Emotet botnet had been taken over as part of an internationally coordinated campaign. A self-destruct sequence was also sent to the active Trojans on numerous systems. At least that was the relative end of the malware campaign.
It was clear, however, that the group behind the malicious code had not been eliminated and that they could use their resources and source code to reappear in some form. That actually seems to be the case. There is support from the operators of the TrickBot botnet, as shown in a report by the US magazine The Record emerges. It looks like numerous systems controlled by TrickBot are being handed over to Emotet, with the trojan installed there doing the installation with the other malware.
No Attacks Recorded Yet
It is currently unclear what the Emotet operators want to do with their new options. In the past, they used their botnet primarily to start spam campaigns via email, which were then used to send other malware such as ransomware to numerous recipients. However, the newly acquired systems are currently not showing any activity.
Active dissemination from own resources is not currently taking place. Accordingly, the new Emotet infrastructure is not yet particularly efficient. The security researchers are alarmed, however, and are keeping the infrastructure under observation in order to be able to quickly initiate measures to ensure that Emotet does not find its way back to its old size.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.