Emotet, once described as “the world’s most dangerous malware” before being taken down by a major international police operation, is apparently back – and being installed on Windows systems infected with TrickBot malware.
Emotet malware provided its controllers with a backdoor into compromised machines, which could be leased out to other groups, including ransomware gangs, to use for their own campaigns. Emotet also used infected systems to send automated phishing emails to increase the size of the botnet – before it was taken out in January this year.
Dismantling the botnet was one of the most significant disruptions of cyber-criminal operations in recent years, as law enforcement agencies around the world – including Europol and the FBI – worked together to gain control of hundreds of Emotet servers that controlled millions of PCs infected with malware. A specially crafted killswitch update created by investigators effectively uninstalled the botnet from infected computers in April.
But now researchers from a number of cybersecurity companies have warned that Emotet has returned. Another malware botnet, TrickBot – which became the go-to for many cyber criminals following the January takedown – is being used to install Emotet on infected Windows systems.