Researcher: Emotet Trojan comes back
Researchers recently revealed that hackers using the Emotet malware resumed sending phishing emails in mid-September, after Emotet's C2 servers had fallen silent and stopped sending instructions to infected machines. In addition, these hackers began using the malware in conjunction with ransomware such as TrickBot and Ryuk to maximize economic benefits.
After successfully infecting a device, the hacker steals the email account credentials stored on it in order to impersonate the victim and send phishing emails. The hacker searches the victim's mailbox for messages that have not yet been replied to and replies to them from the victim's account, with Emotet attached to the phishing email. However, the Emotet that comes with the email is not sent from the victim's device, but from an SMTP server elsewhere.
So far, researchers have found phishing emails in German, Polish, Italian, and English. Experts say users should use complex passwords and multi-factor authentication.
Via: bleepingcomputer