Half a year after it was removed from all computers in the world, “the most dangerous malware” is here again

The infamous Emotet malware has returned and is active again almost ten months after an international police operation managed to take control and dismantle the botnet infrastructure at the end of January this year.

The comeback is a surprise because, after Emotet’s server infrastructure was taken over, On April 25, a mass uninstallation of malware from all infected computers was organized.

“The most dangerous malware in the world”, as described by Europol, has worked by sending a huge number of emails to users around the world to infect the devices of those who would open the email. Emotet was considered the most dangerous because of its ability to function as a “door opener” for other cybercriminals and malware, and as a precursor to many data thefts and attacks ransomwarea.

Infected systems allowed the Emotet group to download and install additional malware. For the past three to four years, Emotet has functioned as a service used by various criminal groups, such as ransomware gangs and groups working with Point-of-Sale malware.

All of this stopped in January when the Emotet gang lost access to servers that controlled a vast network of infected devices.

But over the weekend, researcher Luke Ebah said that he noticed that the infamous TrickBot malware was being used as an entry point to distribute something that looked like a new version of Emotet on infected systems. The TrickBot group seems to be helping the Emotet gang get back on its feet by installing a new version of Emotet on systems already infected with TrickBot.

It is interesting that this is something that criminals have done before, and researchers from the Crypolaemus group who have previously followed Emotet say they knew it could be the way the Emotet gang would return. The Crptolaemus group played a key role in monitoring, mapping, and then helping the authorities remove Emotet.

For now, the Emotet gang is not sending emails as it once did, but relying on TrickBot to try to create an initial foothold for its new beginning after which we could see what Emotet has already seen.

But whether the return of Emotet will succeed remains to be seen. It will be very difficult for Emotet to reach its previous size at any time in the coming months. However, malware itself is still a serious threat that should not be ignored.



Source: Informacija.rs by www.informacija.rs.

*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!