The Emotet malware botnet is back and running once again, almost ten months after an international law enforcement operation took down its command-and-control servers in January of this year.
- Once described as the “world’s most dangerous malware,” Emotet worked by sending massive waves of email spam to users all over the world in order to infect them with its malware strain.
- Once infected, these systems would allow the Emotet gang to download and install additional payloads.
- On Monday (15.11.2021), several researchers spotted indicators that Emotet has returned.
Over the weekend, security researchers from Cyber[.]wtf spotted that another malware botnet, TrickBot, was helping the Emotet gang get back on its feet by installing the Emotet malware on systems that had previously been infected with TrickBot.
According to the researchers, they used to call this Operation ReachAround back when Emotet was dropped by TrickBot in the past.
A chart from Abuse.ch, whose team has tracked Emotet in the past, shows the gap in Emotet's activity between January and November 2021, the dormant period during which the group rolled out new command-and-control servers (see Figure).
According to the tracking teams, the Emotet gang is not yet sending out any new email spam; instead it is relying on the TrickBot gang to help it establish an initial foothold for the new botnet incarnation before ramping up spam operations again.
“It doesn’t seem too large at this time, and we are not seeing active distribution yet,” the white-hat research group said. It remains to be seen if Emotet’s comeback will succeed.
Abuse.ch also added that blocking the tracked command-and-control servers is strongly advised.
The updated list can be found at:
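As an added example of acting on that advice (not code from the article or from Abuse.ch), the script below loads a C2 indicator list, flags hosts in firewall logs that connected to a listed Emotet or TrickBot server, and renders outbound block rules. The CSV layout, the log line format and every IP address and port are constructed for this example; the real tracker feed format is not reproduced.

```python
# Added example (not from the article): check outbound connections against a
# C2 indicator list and emit block rules, as a defender acting on the advice to
# block tracked command-and-control servers. All IPs, ports and log lines are
# constructed sample data, not real Emotet or TrickBot indicators.
import csv
import io
import re
from collections import defaultdict

# Constructed indicator list (dst_ip,dst_port,malware); the real tracker feed
# format is not reproduced here.
C2_CSV = """dst_ip,dst_port,malware
192.0.2.10,8080,Emotet
192.0.2.11,443,Emotet
198.51.100.5,447,TrickBot
"""

# Constructed firewall log lines; the field layout is assumed for this example.
FW_LOG = """Nov 15 10:01:02 fw1 ACCEPT SRC=10.0.0.7 DST=192.0.2.10 DPT=8080 PROTO=TCP
Nov 15 10:01:09 fw1 ACCEPT SRC=10.0.0.7 DST=203.0.113.9 DPT=443 PROTO=TCP
Nov 15 10:02:33 fw1 ACCEPT SRC=10.0.0.21 DST=198.51.100.5 DPT=447 PROTO=TCP
Nov 15 10:03:41 fw1 ACCEPT SRC=10.0.0.21 DST=192.0.2.11 DPT=443 PROTO=TCP
"""

LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")

def load_c2(csv_text):
    """Return {(ip, port): malware_family} from the indicator CSV."""
    return {(r["dst_ip"], int(r["dst_port"])): r["malware"]
            for r in csv.DictReader(io.StringIO(csv_text))}

def find_hits(log_text, c2):
    """Return {src_host: [family, ...]} for connections to a listed C2 ip:port."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and (m["dst"], int(m["dpt"])) in c2:
            hits[m["src"]].append(c2[(m["dst"], int(m["dpt"]))])
    return dict(hits)

def block_rules(c2):
    """One outbound DROP rule per indicator, in iptables syntax."""
    return [f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP"
            for ip, port in sorted(c2)]

if __name__ == "__main__":
    c2 = load_c2(C2_CSV)
    # A host seen talking to TrickBot C2 is a candidate for an Emotet follow-on drop.
    print(find_hits(FW_LOG, c2))
    print("\n".join(block_rules(c2)))
```

A host that matches on a TrickBot server deserves the same handling as an Emotet hit, since the article reports TrickBot infections being used to drop Emotet.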