Emotet is a type of malware known as a banking Trojan. It most commonly propagates through malspam, that is, spam emails carrying malware (hence the term). To persuade consumers, these messages frequently feature recognizable branding, imitating the email structure of well-known and reputable firms such as PayPal or DHL.
In the past, Emotet was thought to be the most frequently distributed malware, spread through spam operations and infected attachments.
Emotet would then use compromised devices to carry out more spam campaigns and install other payloads such as the QakBot (Qbot) and Trickbot malware. These payloads would subsequently be used to give threat actors, such as Ryuk, Conti, ProLock, Egregor, and others, initial access from which to deploy ransomware.
An international law enforcement operation led by Europol and Eurojust took over the Emotet infrastructure and detained two people at the start of the year.
The infrastructure used by Emotet involved several hundred servers located across the world, each with different functions: managing the computers of infected victims, spreading to new ones, serving other criminal groups, and ultimately making the network more resilient against takedown attempts.