The Emotet Trojan became a horror for many users in 2019 and paralyzed entire authorities in Germany. After five months of radio silence, the malware is now back – and is using a new trick.
The Emotet Trojan caused a stir last year when it paralyzed a series of computers in German authorities. In September, for example, an attack was directed against the Berlin Supreme Court, the consequences of which the employees still suffer nine months later. In December 2019, spam messages were sent en masse disguised as mail from federal authorities – but Emotet was lurking in the attachment.
The Federal Office for Information Security (BSI) described Emotet as the “world’s most dangerous malware” because it is constantly being improved and its operators keep developing more sophisticated methods to deceive victims.
Emotet returns with new tricks
Most recently, however, the malware had been noticeably quiet: the last “sign of life” was received on February 7th, and no spam emails have been sent on its behalf since then. Now Emotet has reported back after several months of inactivity, according to analyses from Bleeping Computer and security researcher James Quinn. Companies such as Malwarebytes and Microsoft are also reporting that the Emotet botnet is making a comeback.
According to expert Joseph Roosen, huge amounts of spam are currently being sent around the world. The e-mail attachments contain manipulated Word or Excel documents. To get users to open the attachments, the operators are using a new trick: the attached Word documents use a new template that tells the user the document cannot be opened properly because it was allegedly created under iOS, Apple’s iPhone operating system. Clicking on the error message opens the door to the Trojan. This document template has never been used before.
The current campaign is aimed primarily at recipients in the US and UK. According to the tech portal “Ars Technica”, 250,000 spam emails were sent in one day in the USA alone. But sooner or later, German users are likely to be targeted by cyber criminals.
It becomes dangerous after infection
Once Emotet is on the computer, a whole cascade is set in motion. As a rule, the computer itself becomes a spam distributor and sends the dangerous documents to its own contacts. The worm also spreads via the network. The malware becomes really dangerous when it “enters into alliances with other malware gangs and especially with actors who are interested in collecting ransom”, write the experts from Malwarebytes.
In many cases, other Trojans such as Trickbot are installed, which then quietly spy on online banking in the background. In other cases, the computers’ hard drives are encrypted and a ransom is demanded. In the worst case, not even data backups can help, because some variants also attack connected backup hard drives. According to some reports, the ransom amount even seems to take users’ accounts into consideration, which shows how advanced the software is.
It’s not the first time the Emotet botnet has made a comeback. It was inactive from May to June 2019, only to return even more dangerous.