The Emotet malware operation has continued to refine its tactics in a effort to fly under the radar while acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
Emotet which is officially reemerged in late 2021 after which a coordinated takedown of its infrastructure by authorities earlier that year which has continued to be a persistent threat that’s distributed via phishing emails.
Attributed to cybercrime group tracked as TA542 and virus has evolved from a banking trojan to malware distributor since its first appearance in 2014.
The malware-as-a-service is also modular which is capable of deploying an array of proprietary and freeware components that can be exfiltrate sensitive information from compromised machines and carry out other activities.
Two latest additions to Emotet’s module arsenal comprise an SMB spreader that is designed to facilitate lateral movement using list of hard-coded usernames and passwords and a credit card stealer that also targets the Chrome web browser.
Recent campaigns which are involving the botnet have leveraged generic lures with weaponized attachments to initiate attack chain. But with macros becoming obsolete method of payload distribution and initial infection and the attacks have latched on to other methods to sneak Emotet past malware detection tools.
With the newest wave of Emotet spam emails and the attached .XLS files have method for tricking users into allowing macros to download the dropper.BlackBerry disclosed in a report that was published last week.
The method involves instructing victims to move decoy Microsoft Excel files to a default Office Templates folder in Windows and a location which is trusted by the operating system to execute malicious macros embedded within the documents to deliver Emotet.
The development points is to Emotet’s steady attempts to retool itself and also propagate other malware .