"Emotet is Rebuilding its Botnet"

Cybersecurity professionals are unsurprised by the apparent return of Emotet malware. The malware's creators, the APT group TA542, hired Emotet out to other cybercriminals, who used it to install malware, such as banking trojans or ransomware, onto victims' computers. Emotet's botnet infrastructure was dismantled in January as part of a coordinated action by authorities in Canada, France, Germany, Lithuania, the Netherlands, the United Kingdom, the United States, and Ukraine. Now, a team of researchers from Cryptolaemus, G DATA, and AdvIntel has reported observing the TrickBot trojan launching what appears to be a new loader for Emotet. One researcher stated that the new variant of the infamous malware follows a similar path, delivering malicious Office or ZIP files in addition to other command-and-control (C2) payloads. The security researcher also noted that many cybercriminal groups could return to using Emotet over the next few months.

 

Infosecurity reports: "Emotet is Rebuilding its Botnet"
