Emotet Is Back

Emotet is back with massive malspam campaign containing malicious links and documents to install backdoor and deliver other malware.

  • Emotet is active since 2014, recently it made a comeback after five months on 17th July, 20 with massive Malspam campaign. Emotet is not attacking continuously, it comes frequently in intervals attacking specific targets with constantly evolving techniques.

  • This time the campaign sent more than 250,000 emails during the day, mostly targeting people in US and UK. The aim of this campaign is spreading Emotet backdoor that installs ransomware, banking Trojans and others active malware.

  • Emotet is also used to steal passwords, cookies, SSH keys, spread throughout a network.

  • The mail include malicious Microsoft Word documents or PDF files or URLs that point to malicious Word files. Word documents contain macros to install the Emotet backdoor.

  • Emotet as a part of multi stage attack typically waits some days before installing TrickBot banking Trojan or the Ryuk ransomware.