Emotet malware is back, more dangerous than ever

Looking at the newest data, cybersecurity researchers were surprised to find that Emotet was conspicuously absent from the latest rise in banking Trojans and RATs.

Sadly, the waiting is over, they announce: Emotet is back and more dangerous than ever.

While Emotet was missing, an interesting fact could be observed:
For the past 10 weeks, global combined malicious URL and attachment message volume decreased by nearly 40%. The decrease is an indirect measure of how much of the overall malicious volume Emotet generates while it is actively running in the wild. Despite this decline, overall volumes of banking Trojans and RATs increased by 18% and 55%, respectively, compared with the first half of 2019.

Emotet short history:
Between mid-2017 and May 1, 2019, the hacker group known as TA542 spread the Emotet botnet in hundreds of increasingly large infection campaigns that were conducted in North and South America, Western Europe, Asia, and the Middle East.

Over the course of those campaigns, Emotet evolved from a simple banking Trojan into a modular botnet designed to deliver all kinds of new and powerful payloads.

From May this year, Emotet went silent. But the danger was not over, researchers say, because even with it absent, other banking Trojans and RATs rapidly filled the gap Emotet left.

Hacker groups known as TA556 and TA544 flooded inboxes with banking Trojans via large Ursnif campaigns. Other well-known hacker groups distributed Trickbot (37% of banking Trojan volume), and a group known as TA516 spread IcedID (26%).

During the same absence, other hacker groups focused on RATs. The most active was a group known as TA505, which chose to distribute huge volumes of FlawedAmmyy (45% of RAT volume) and FlawedGrace (30%).

Emotet’s reappearance:
Immediately after reappearing, Emotet made up 11% of all malicious payloads for the entire third quarter.

You may ask why it was silent.
When a major hacker group goes silent, it is usually because it lost control of the botnet or needed to make improvements to it. In this case, it is unclear why the group went dark for such a long time.
Emotet's reappearance let researchers notice a few subtle shifts in how it is operated.

Mainly, the hacker group is using the same delivery and infection channel: geographically targeted emails with local-language lures and brands, carrying either malicious attachments or links to malicious documents.
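As an added illustration of that delivery channel (example code written for this article, not tooling from the researchers or from any Emotet analysis), the script below triages a raw email for the two lure shapes described: a document attached to the message, and a link in the body that points at a document hosted somewhere else. The sample messages are constructed for the example, the list of document extensions and the sender-domain comparison are assumptions chosen for illustration, and the German-language invoice wording only mimics the "local-language lure" idea; none of it is taken from a real campaign.

```python
"""Triage an inbound e-mail for document lures: attached documents and links
to off-site documents. Added example; the sample messages are constructed."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: file types treated as "document" lures.
# The article only says "malicious documents", so this list is illustrative.
DOCUMENT_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".rtf", ".pdf")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _has_document_extension(name: str) -> bool:
    return name.lower().endswith(DOCUMENT_EXTENSIONS)


def _sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From address, lower-cased ('' if none)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def triage_message(raw: bytes) -> dict:
    """Report document attachments, links to documents, and links that leave
    the sender's domain (the last is an added heuristic, informational only)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender_domain = _sender_domain(msg)

    document_attachments = [
        part.get_filename()
        for part in msg.iter_attachments()
        if part.get_filename() and _has_document_extension(part.get_filename())
    ]

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    document_links, offsite_links = [], []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if _has_document_extension(parsed.path):
            document_links.append(url)
        elif sender_domain and host != sender_domain and not host.endswith("." + sender_domain):
            offsite_links.append(url)

    return {
        "sender_domain": sender_domain,
        "document_attachments": document_attachments,
        "document_links": document_links,
        "offsite_links": offsite_links,
        # A document lure in either form is what the article's campaigns rely on.
        "suspicious": bool(document_attachments or document_links),
    }


def build_lure_sample() -> bytes:
    """Constructed sample (not a real campaign e-mail): an invoice-themed lure
    with a document attached and the same document offered via an off-site link."""
    msg = EmailMessage()
    msg["From"] = "Buchhaltung <buchhaltung@example.com>"
    msg["To"] = "empfaenger@example.org"
    msg["Subject"] = "Ihre Rechnung 2019-10"
    msg.set_content(
        "Sehr geehrte Damen und Herren,\n"
        "anbei Ihre Rechnung. Falls der Anhang nicht angezeigt wird:\n"
        "http://files.example.net/download/Rechnung_2019-10.doc\n"
    )
    # Placeholder bytes, not a real document.
    msg.add_attachment(b"placeholder-document-bytes", maintype="application",
                       subtype="msword", filename="Rechnung_2019-10.doc")
    return msg.as_bytes()


def build_clean_sample() -> bytes:
    """Constructed benign message: a link back to the sender's own domain, no attachment."""
    msg = EmailMessage()
    msg["From"] = "newsletter@example.com"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Monthly update"
    msg.set_content("Read this month's update at https://www.example.com/news/october\n")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("lure", build_lure_sample()), ("clean", build_clean_sample())):
        print(label, triage_message(raw))
```

The check deliberately looks at both lure shapes at once, because a mail gateway that only inspects attachments misses the link-to-document variant, and one that only rewrites URLs misses the attachment. In production the extension list would be replaced by content-type sniffing and the link check by detonation or reputation lookups; this example only shows where in the message each indicator lives.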

Security advice:
Modern-day cyber attacks are becoming more and more powerful, and technology now plays a major part in defending your data. Remember to always opt for a cybersecurity solution!

Conclusion:
The TA542 hacker group targets victims all over the world, from the US, UK, Canada, and Germany all the way to Australia. Other countries were targeted too; the most recent list includes Italy, Spain, Japan, Hong Kong, and Singapore.

This means only one thing: well-resourced hacker groups are getting smarter about geofencing and language localization when they craft malicious messages.