Emotet Botnet Returns | Researchers Say it was Once the 'World's Most Dangerous Malware'


The Emotet botnet was once described as the "world's most dangerous malware" before it was taken down by a major international police operation. The malware is now apparently back and is being installed on Windows systems that are already infected with the TrickBot malware.

World's Most Dangerous Malware

Europol once described Emotet as the "world's most dangerous malware" because it gives its controllers backdoor access to the machines it compromises. That access is then leased to other groups, such as ransomware gangs, for their own campaigns.

Emotet also used infected systems to send automated phishing emails that grew the botnet further. According to the story by ZDNet, Emotet was first taken down in January of this year.

Emotet Botnet

Dismantling the Emotet botnet was one of the most significant disruptions of cybercriminal operations to date. Europol, the FBI and law enforcement agencies worldwide worked together to take control of hundreds of servers that Emotet used to control millions of infected PCs.

In April, investigators pushed a specially crafted killswitch update that uninstalled the malware from infected computers. Researchers from several cybersecurity companies now warn that Emotet has returned.

TrickBot Botnet Used to Install Emotet

TrickBot, another malware botnet, is now being used to install Emotet on already-infected Windows systems. TrickBot became the go-to loader for many cybercriminals after the January takedown.

In a blog post, Luca Ebach, a security researcher at the well-known German cybersecurity company G Data, gave a statement. According to Ebach, they observed on a number of their TrickBot trackers that the bot tried to download a particular DLL to the system.

DLLs Identified as Emotet

Internal processing identified the DLLs as Emotet. Ebach said that since the botnet had already been taken down in January, they were suspicious of their findings and decided to conduct an initial manual verification.

He added that, as of now, they have high confidence that the samples are a new reincarnation of the once infamous Emotet. Researchers at AdvIntel, Cryptolaemus and others have also confirmed that Emotet appears to be returning.

Emotet Doesn't Try to Redistribute Itself

The new Emotet appears to use a different encryption technique than before. For now, Emotet is not trying to redistribute itself; it relies on TrickBot to seed new infections.

Even so, this indicates that those behind Emotet are trying to get the botnet running again. James Shank, chief architect of community services and senior security evangelist at Team Cymru, said that the new samples still show code overlap as well as technique overlap with the old Emotet.

Shank says it will still take some time to see how Emotet rebuilds and whether it can become the "world's most dangerous malware" again.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.