Recently, cybersecurity experts have issued a warning that the notorious Emotet botnet malware is showing signs of a comeback and has the potential to cause more damage than ever before.
In January of this year, law enforcement agencies in Europe and North America collaborated as part of a coordinated effort to disrupt and take down the Emotet botnet.
This malware has clearly changed its tactics.
However, many providers and security experts around the world, including the German cybersecurity group Cryptolaemus, software company GData, and Advanced Intel, have detected signs that Emotet malware is about to become active again.
Information from GData states: “Around 9:26 PM UTC on November 14, we observed on some of our TrickBot trackers that the bot attempted to load a dynamic link library (DLL) file into the system.” According to internal analysis, these DLL files have been identified as Emotet malware… Currently, “we are highly confident that these movements are signs of the notorious Emotet malware’s resurgence.”
Emotet malware has become a go-to tool for cybercriminals, who use its infrastructure to gain access to targeted systems on a global scale. Its operators then sell this access to other cybercrime groups to deploy ransomware, including Ryuk, Conti, ProLock, Egregor, and several others.
Reporting on the development of Emotet malware, the tech news site BleepingComputer notes that this malware has undergone a clear tactical shift, with the threat actors behind Emotet’s resurgence currently employing a method named “Operation Reacharound” to rebuild the Emotet botnet using the existing infrastructure of TrickBot malware.
The Cryptolaemus security expert group has also begun analyzing the new Emotet loader and has discovered changes compared to previous versions. This group stated: “So far, we can definitely confirm that the command buffer has changed. There are now 7 commands instead of the previous 3 to 4 commands. It appears that different execution options for the downloaded binaries have been implemented.”
Security researchers also note that, while they have not yet found any signs of the Emotet botnet sending spam or any malicious documents carrying the malware, they believe it is only a matter of time.
Regarding this issue, cybersecurity expert Vitali Kremez from Advanced Intel commented: “This is an early sign of the potential resurgence of Emotet malware, which will drive significant ransomware activities globally in the near future.”