Emotet, the most dangerous malware in the world, is back


Earlier this year, Europol delivered one of the biggest blows against cybercrime in Europe in recent years when, in a joint action with the authorities of countries such as the United States, Germany and the Netherlands, among others, it dismantled the botnet of the dangerous malware Emotet, which since 2014, the year it first appeared, has caused losses of close to 2.21 billion euros.

Now, 10 months after its disappearance, several analysts and cybersecurity companies warn that it is back, according to the Spanish newspaper 'ABC' this Thursday.

"Interestingly enough, this time around, criminals are using the existing TrickBot infrastructure to rebuild the Emotet botnet. So far, massive spam campaigns have not been detected, normally used by this threat to propagate through attachments in Word or Excel format, although some emails that are being sent from the compromised computers have been detected," explained Josep Albors, head of research and awareness at cybersecurity company ESET.

In 2019, the Australian Cybersecurity Center alerted organizations in its country to a vast global cyber threat from the Emotet malware, a sophisticated Trojan horse that can steal data and also carry other malware with it. The way this malware operates is like a not very sophisticated password: a reminder of the importance of creating a secure password to protect against cyber threats.


Emotet is a Trojan spread predominantly through fraudulent emails (malspam), where the infection can arrive via a malicious script, macro-enabled document files or a malicious link. It should be noted that Emotet emails may contain familiar promotions designed to look like a legitimate email, and may try to persuade users to click on malicious files using catchy language about “Your Invoice”, “Payment Details” or possibly the upcoming arrival of an order from well-known transport companies.

According to the report, the malicious software was visible again last Monday, November 15th. The report highlighted that the Emotet now being found “has more possibilities for cybercriminals” than the previous one, although the way it spreads is the same as always.

"The first thing they do is try to infect a machine through the typical bait of a file in an email. The models are also very similar to the ones they used in the past."

The specialist goes on to say that they are now "rebuilding Emotet from scratch".

"Previously, it was used by various cybercriminal groups to spread other types of malicious code. Now they are using Trickbot (a Trojan used to steal information that lets you control all infected devices remotely) to grow back using the infrastructure that still exists from another botnet and from there start weaving its own again."
