Welcome to the

Bit Guardian Blog

Ad Guardian PlusNews

Emotet botnet returned to steal passwords

Malware disguised

Emotet, a well-known botnet has begun sending out spam, again. About four months ago, the botnet stopped its campaigns but restarted pumping spam this morning. The emails were written in German, Polish, English and Italian users.

The users are tricked to open an attached document and enable macros, which triggers a PowerShell command to download Emotet from compromised sites, especially those running WordPress.

Malwarebytes warned that once installed “Emotet attempts to spread laterally, in addition to stealing passwords from installed applications. Perhaps the biggest threat, though, is that Emotet serves as a delivery vector for more dangerous payloads, such as ransomware.”

They also added that “Compromised machines can lay in a dormant state until operators decide to hand off the job to other criminal groups that will attempt to extort large sums of money from their victims. In the past, we’ve seen the infamous Ryuk ransomware being deployed that way.”

Ryuk is linked to the North Korean Lazarus Group, is thought to have made almost $3.8m for its operators in six months.

Emotet was originally a banking Trojan that was re-written to function as a malware loader. Its operators sell access to the botnet for clients to use as a malware distribution network.

According to Malwarebytes, Emotet malware was detected and removed over 1.5 million times between January and September 2018 alone. In July last year, US-CERT released an alert about Emotet and its capabilities.

Related posts
Ad Guardian PlusNews

Google offices remain empty until July 2021, Sundar Pichai announced

Ad Guardian PlusNews

A Windows 10 update fixes Excel, File Explorer bugs and more

Ad Guardian PlusNews

New TikTok competitor comes from Facebook's Instagram

Ad Guardian PlusNews

Google to buy new users with its $10bn plan for India

Leave a Reply

Your email address will not be published. Required fields are marked *