Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Malware

The Emotet botnet returns and is sending a slew of malicious emails

Kyle by Kyle
March 14, 2023
in Malware
0
Emotet banking trojan re emerges
23
SHARES
420
VIEWS
Share on FacebookShare on Twitter

The notorious Emotet botnet, considered one of the biggest threats to internet security, has resurfaced after a prolonged hiatus, armed with new tactics. The botnet’s trademark strategy of sending spam messages that appear to be from a known contact, addressing recipients by name and purporting to respond to existing email threads, was observed again last week after a four-month break.

You might also like

Netwire RAT seized by FBI and other worldwide police agencies

Update-resistant malware infects SonicWall security appliances

Fake ChatGPT websites are popping up and spreading malware

Previous resumptions of activity have seen Emotet deploy fresh techniques to avoid endpoint security products and deceive users into clicking on links or enabling dangerous macros in Microsoft Office attachments.

Last Tuesday, a malicious email was sent containing a Word document that had a massive amount of extraneous data added to the end, making it over 500MB in size, which could thwart some security products from scanning the contents. This is known as binary padding or file pumping, whereby zeros are added to the end of the document. If the user is tricked into enabling the macro, the Windows DLL file that is delivered is also pumped, causing it to expand from 616kB to 548.1MB, according to security firm Trend Micro.

Another new evasion technique was observed in the same document, which contained excerpts from Herman Melville’s classic novel Moby Dick, appearing in white font on a white page so that the text is not readable. Some security products flag Microsoft Office files containing only a macro and an image, which the hidden text aims to circumvent without raising the target’s suspicion.

emotet botnet moby dick
Emotet Botnet utilizing text from Moby Dick to deceive targets (credits: Trend Micro)

When the document is opened, the user is presented with a graphic that says the content can’t be accessed unless the user clicks the “enable content” button.

Microsoft had previously disabled macros downloaded from the internet by default, but users could still choose to enable them. The malware attack relies on this vulnerability, which requires users to enable macros in order to download a .zip file from a hacked legitimate website.

Word document enable editing enable content
Enable macro tactice employed by the Emotet (Credits: Trend Micro)

Office will then unzip the archived file and execute the inflated Emotet DLL infecting the device with devastating consequences. The malware is designed to steal sensitive data such as passwords and other confidential information. It also uses the victim’s machine to send spam emails to other users, further spreading the infection.

When a device is infected with malware, it poses a great threat to its user’s sensitive data. This malicious software is designed to steal passwords, confidential information, and it can use the device to send spam emails to the user’s contacts. Furthermore, the malware is capable of downloading other harmful software such as the notorious Ryuk ransomware or the TrickBot malware. This is an example of the infection chain:

emotet botnet infection chain
Emotet infection chain (credits: Trend Micro)

The latest revival of Emotet has once again showcased the botnet’s signature behavior of paying close attention to detail. This malicious software has spent years meticulously copying email conversations from infected machines and embedding them into spam messages sent to other parties in the same thread. By doing so, Emotet’s spam messages have a higher chance of going undetected, as they appear to come from someone the target has previously communicated with. Additionally, Emotet has the ability to infiltrate Wi-Fi networks and infect connected devices.

With the resurgence of Emotet, it is imperative to remain alert against the threat of malicious emails that can potentially compromise system security, even if they appear legitimate, and incorporate personalized elements.

Macros embedded within email attachments should be treated with caution, as they can execute malicious code on the user’s system. Before enabling macro functionality, it is recommended to confirm the identity of the sender through non-email means, such as phone or instant messaging.

Tags: banking trojanbotnetEmotet
Share21Tweet6
Kyle

Kyle

Co-owner, writer, and editor at ZeroSecurity. Security, Blockchain, and SEO enthusiast. "Formal education will make you a living; self-education will make you a fortune."

Recommended For You

Netwire RAT seized by FBI and other worldwide police agencies

by Christi Rogalski
March 16, 2023
0
Netwire RAT seized by FBI and other worldwide police agencies

The FBI, in partnership with several police agencies worldwide, has carried out an international law enforcement operation resulting in the arrest of a suspected administrator of the NetWire...

Read more

Update-resistant malware infects SonicWall security appliances

by Paul Anderson
March 12, 2023
0
Update-resistant malware infects SonicWall security appliances

Researchers have discovered that threat actors linked to the Chinese government are using malware to infect SonicWall's Secure Mobile Access 100, a popular security appliance, which remains active...

Read more

Fake ChatGPT websites are popping up and spreading malware

by Paul Anderson
March 1, 2023 - Updated on March 2, 2023
0
ChatGPT is found spreading malware created in Python

It was only a matter of time before hackers would start using the growing popularity of ChatGPT to spread malware and steal sensitive personal information. Recently, multiple security...

Read more

BlueSky Ransomware Infects KMSAuto Activator users

by Kyle
July 20, 2022 - Updated on July 22, 2022
0
BlueSky Ransomware backdoors KMSAuto activator

A financially motivated threat actor has been discovered spreading a new ransomware strain, dubbed BlueSky. The group is believed to be connected to the Conti ransomware group. CloudSEK's...

Read more

Syslogk Linux Rootkit triggers with magic packets

by Christi Rogalski
June 19, 2022 - Updated on June 20, 2022
0
Syslogk Linux Rootkit triggers with magic packets

Avast researchers have spotted a Linux rootkit that has the ability to hide malicious processes. The new Linux rootkit, called Syslogk, works by using magic packets to activate...

Read more
Next Post
Netwire RAT seized by FBI and other worldwide police agencies

Netwire RAT seized by FBI and other worldwide police agencies

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.