Almost a year after an international law enforcement effort supposedly defeated it, Emotet, aka “the world’s most dangerous botnet,” has returned. Earlier this week, German security researcher Luca Ebach reported seeing malware with Emotet-like characteristics deployed on Windows machines. After a manual investigation, Ebach discovered that his test devices, which had already been infected with TrickBot trojans, were indeed trying to download an Emotet-like DLL. Describing the malware’s resemblance to Emotet, Ebach observed that it “smells like Emotet, looks like Emotet, behaves like Emotet – seems to be Emotet.”
Since then, Ebach’s observations have been confirmed by other cybersecurity experts such as Whitehat hacking group Cryptolaemus who have also noted that the recently observed version of Emotet also appears to have evolved new methods of obfuscation. Researchers at the Bern University of Applied Sciences now report that the number of Emotet command and control nodes has doubled since the start of the week. Clearly, Emotet is coming back strong, and it is invisible to Antivirus (AV) solutions that leverage breach prevention solutions, such as Morphisec, that use Moving Target Defense to stop advanced attacks like Emotet that AV and EDR cannot stop.
Network Access for Rent