Banks targeted by a major malware campaign

After a short break over the holidays, the Emotet malware has returned and is now being used by cybercriminals to attack banks and financial institutions in the United States and the United Kingdom, according to a new study from Menlo Security. Emotet started out as a banking Trojan and later became a botnet, and its creators now rent it out to others who want to distribute their own malware. Emotet activity seemed to be slowing down late last year, but the malware resurfaced in January.

Menlo Security researchers explained how Emotet is being used in a new campaign against banks and financial institutions in a blog post detailing their findings, saying: "After a break from the holiday season in 2019, Emotet malware attacks rebooted in 2020, this time targeting the financial services industry. Similar to previous versions, the Emotet malware is just the initial attack vector used to launch the attack. The attack starts with a malicious Microsoft Word document designed to be downloaded and opened by the user. Once opened, the malicious macro is executed and contact is made with the command and control server to initiate the next stage of the attack."

Emotet revival

According to Menlo Security, Emotet is now being used to launch attacks against organizations in the financial services sector, along with smaller attacks targeting the food, media, and transportation industries. Three-quarters of the attacks targeted organizations in the United States and the United Kingdom, while the remaining attacks targeted organizations in the Philippines, Spain, and India.

As with previous attacks, the malware is spread via phishing emails containing a malicious Microsoft Word document. However, the subject lines of the emails have been changed to appeal directly to workers in the financial sector by including common financial terms. The malicious Word document attached to these emails states that users must "turn content on" to view the document. Once a user does this, they allow malicious macros and URLs to deliver the Emotet malware to their computer.

Since Emotet is now also a botnet, these emails do not come from one particular source, but from other infected PCs around the world. Falling victim to this malware not only gives an attacker a backdoor into your system, but also allows them to use your PC to spread Emotet to other users' machines.

To avoid becoming a victim of Emotet, users are strongly advised to pay close attention to any document that asks them to enable macros, especially when the email arrives from an unknown source.

Via ZDNet