
Emotet malware is back in the news

Written by Guillaume
Publication date: 24 November 2021
This article is an automatic translation

Dismantled at the beginning of 2021 by a large law enforcement operation, Emotet is back with a new version. Is it even more dangerous?

In the opinion of many computer security experts, the Emotet malware was the most serious threat since its first appearance in 2014, until its dismantling was announced on January 27 by Europol. The police forces decided to act after the malware's activity increased in the fall of 2020, and they managed not only to stop its progression but also to take it down. A short-lived success.

Indeed, for the past few weeks, several specialists have reported renewed activity by the malware. The Cryptolaemus group of researchers raised the alert via Twitter on November 15, mentioning a new version of Emotet. Cryptolaemus specifies that this new version is "carried" by another well-known malware, Trickbot. This information is confirmed by other security experts such as GData and Advanced Intel, who provide some details.

GData and Advanced Intel believe that this "new Emotet" is more capable than its predecessor. In particular, it uses HTTPS to encrypt the traffic between the malware's control servers and newly infected machines, whereas the earlier version only used plain HTTP. Cryptolaemus also states that the command buffer is more complex than in the previous version of the malware: "We can now confirm that the command buffer has been modified. It now contains 7 commands as opposed to 3-4 on previous versions".

According to Cryptolaemus, the first waves of infection date back to September 2021, and the researchers explain that they have observed large waves of suspicious emails. Remember that infected attachments and malicious HTTP links remain the preferred means of spreading the malware. Once again, to avoid infection, the safest approach is not to trust the attachments of the emails you receive and to look carefully at the nature of a link before clicking on it. It is advisable to be even more cautious with the "new Emotet", which seems to have already infected many machines: researchers mention more than 246 machines acting as control servers for many other infected ones.