Emotet botnet down for maintenance
June's Global Threat Index from Check Point reveals that the botnet behind the Emotet banking Trojan has been inactive for most of the month.
Check Point's researchers believe that Emotet's infrastructure could be offline for maintenance and upgrade operations, and that as soon as its servers are up and running again, it will be reactivated with new, enhanced threat capabilities.
Emotet has featured in the top five malware globally during the first six months of 2019, and has been distributed in massive spam campaigns.
"Emotet has been around as a banking Trojan since 2014. Since 2018, however, we have seen it being used as a botnet in major malspam campaigns and used to distribute other malwares. Even though its infrastructure has been inactive for much of June 2019, it was still #5 in our global malware index, which shows just how much it is being used -- and it's likely that it will re-emerge with new features," says Maya Horowitz, director threat intelligence and research at Check Point. "Once Emotet is installed on a victim's machine, it can use it to spread itself via further spam campaigns, download other malwares (like Trickbot, which in turn infects the entire hosting network with the infamous Ryuk Ransomware), and spread to further assets in the network."
On mobile, the Lotoor Android malware, which repackages legitimate apps with adware and then releases them to a third-party store, tops the chart. Second is Triada, a modular backdoor for Android, and new in third place is Ztorg, a Trojan that obtains escalated privileges on Android devices and installs itself in the system directory.
The full list of most wanted malware for June can be found on the Check Point blog.