Information security experts report that on April 25 a "time bomb" went off and the…
However, at the end of 2021, ten months after this operation, the researchers again discovered malware activity. It turned out that another well-known botnet, TrickBot, helped Emotet operators get back on their feet by installing Emotet malware on systems already infected by TrickBot itself. It soon became apparent that the hack group Conti was behind Emotet’s comeback.
Analysts from Black Lotus Lab decided to take a closer look at the new round of Emotet development. As you can see in the chart below, the botnet started to slowly recreate itself in November last year, and since January 2022 has grown much faster thanks to phishing campaigns.
This Emotet distribution campaign also possesses some new features, such as a new elliptic curve cryptography scheme that replaces RSA encryption. Also in the new version, the process list module is deployed only after establishing a connection with the control server. In addition, the authors of the malware have added to their product more opportunities for collecting information and better profiling the system.
Black Lotus reports that there are currently around 200 unique management servers supporting the Emotet resurgence, and the number is steadily growing. The average time of activity of one server is 29 days.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…