Bad news for the cybersecurity fraternity: Emotet, the malware that was dubbed the “World’s Most Dangerous” and “Widely Spread Malware,” is back.
According to a report from security researcher Luca Ebach, the notorious TrickBot malware is now being used as an entry point to distribute a new version of Emotet to systems that TrickBot had previously compromised.
The new variant emerges from a DLL file, and its first deployment was detected on Nov 14. Today, researchers from Advanced Intel, GData, and Cryptolaemus announced that they have discovered TrickBot dropping the Emotet loader on infected devices.
Previously, Emotet was distributed through malicious documents and attachments. After infecting a device, it installed QakBot/QBot and TrickBot malware, giving attackers access to deploy ransomware like:
How Emotet was Tracked
Earlier in 2021, a coordinated operation spearheaded by Europol and Eurojust took down the Emotet infrastructure and detained two individuals. After that action, the malware operators went underground.
Separately, German law enforcement delivered an Emotet module to uninstall the malware from infected devices on Apr 25, 2021, as part of “Operation Ladybird.”
Emotet Resurfaces with a New Technique
Cryptolaemus researcher and Emotet expert Joseph