Emotet botnet comes back to life with new spam campaigns
The Emotet Botnet has started spreading several new spam campaigns again after a three-month break, according to research from Check Point.
Researchers first reported the notorious botnet taking a break in June 2019, but that the infrastructure had become active again in August. Some of the spam campaigns featured emails which contained a link to download a malicious Word file, and some contained the malicious document itself.
When opening the file, it lures the victims to enable the document’s macros, which then installs the Emotet malware on the victim’s computer. This resurgence makes Emotet the fifth most prevalent malware globally in September.
"It's not clear why the Emotet botnet was dormant for three months, but we can assume that the developers behind it were updating its features and capabilities," says Maya Horowitz, director, threat intelligence and research, products at Check Point. "It's essential that organizations warn employees about the risks of phishing emails, and of opening email attachments or clicking on links that do not come from a trusted source or contact. They should also deploy latest generation anti-malware solutions that can automatically extract suspicious content from emails before it reaches end-users."
The top three 'most wanted' malware in September saw Jsecoin, a JavaScript miner that can be embedded in websites at number one. XMRig, an open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in-the-wild on May 2017, at number two. And AgentTesla an advanced remote access trojan functioning as a keylogger and a password stealer at number three.
Mobile malware had Lotoor, a hacking tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices in top slot. AndroidBauts, adware targeting Android users that exfiltrates IMEI, IMSI, GPS Location and other device information and allows the installation of third party apps and shortcuts on mobile devices at two, and Hiddad, Android malware which repackages legitimate apps and then releases them to a third-party store in third.
You can see the full top ten lists on the Check Point blog.
Image credit: ALMAGAMI / Shutterstock