Emotet botnet resumed activity after 5 months of downtime

One of the most active botnets of 2019, Emotet, had shown almost no signs of life since February this year. Recently Emotet resumed activity and returned to service with a new spam campaign.

Check Point researchers named Emotet the most active threat of October 2019, while at the same time Europol experts believed that Emotet’s influence was waning.

Emotet first appeared back in 2014 and has since been one of the most active malware threats.

“The malware was spread using spam emails and malicious Office documents. Such emails can be disguised as invoices, warnings about account security, party invitations, and even information about the spread of the coronavirus,” explained Bleeping Computer journalists.

Hackers seem to be closely monitoring global trends and constantly improving their lures.

Although Emotet once began its journey as a classic banking trojan, the threat is now highly modified, and the group successfully collaborates with other criminal groups.

Today Emotet also spreads within the networks it lands in, and it can even spread over Wi-Fi.

“Emotet uses the infected machines to spread spam messages and other malware such as Trickbot, miners, info-stealers, as well as ransomware like Ryuk,” said Bleeping Computer reporters.

Specialists from CSIS, Microsoft, Malwarebytes, Abuse.ch and Spamhaus, as well as the Cryptolaemus group of independent researchers, who have been closely monitoring the botnet’s activity for several years, recorded the return of Emotet at the end of last week.

Experts write that the new spam campaign targets users in the US and the UK. The emails are written in English and either carry Word documents or contain URLs, which commonly point to hacked WordPress sites. Documents like these are dangerous because of their malicious macros, which (if enabled) eventually download and install Emotet.
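A defender-side triage check for the attachment type described above, added here as an example and not code from the article or from any of the research groups it cites. It relies only on the Office Open XML container layout (macro-enabled Word files store their VBA code in a part named `vbaProject.bin`); legacy binary `.doc` files are recognised by their OLE2 signature and flagged for manual review rather than parsed. The sample attachments are constructed in memory so the script runs offline.

```python
"""Flag mail attachments that carry an embedded VBA macro project.

Added example (not from the article). Assumes only the public OOXML
container layout: a macro-enabled Word document is a zip archive that
contains a part ending in 'vbaProject.bin' (e.g. 'word/vbaProject.bin').
"""
import io
import zipfile

VBA_PART_SUFFIX = "vbaProject.bin"
# Signature of the legacy OLE2 compound file format used by .doc/.xls.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_office_blob(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'ole2-review' or 'unknown' for raw bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros live in OLE streams, which this
        # script does not parse, so hand the file to a fuller analyser.
        return "ole2-review"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "unknown"
    if any(name.endswith(VBA_PART_SUFFIX) for name in names):
        return "macro"
    if "[Content_Types].xml" in names:
        return "no-macro"
    return "unknown"


def triage_attachments(attachments: dict) -> dict:
    """Map attachment name -> verdict; 'macro' and 'ole2-review' deserve quarantine."""
    return {name: classify_office_blob(blob) for name, blob in attachments.items()}


def build_sample_docx(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML container for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder standing in for a real VBA project part.
            zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mailbox: one clean file, one macro file, one legacy .doc.
    sample = {
        "invoice.docx": build_sample_docx(with_macro=False),
        "invoice.docm": build_sample_docx(with_macro=True),
        "invitation.doc": OLE2_MAGIC + b"\x00" * 504,
    }
    for name, verdict in triage_attachments(sample).items():
        print(f"{name}: {verdict}")
```

The presence of a VBA project is not by itself proof of malice, but in a mail flow where macro documents are not expected it is a cheap first filter; files marked `macro` or `ole2-review` can be held for detonation or deeper inspection with a dedicated OLE/VBA parser.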

The researchers note that, alongside the already known templates, the Word documents now also use a new lure template that presents itself as needed to view documents created on iOS.


According to experts, more than 250,000 such letters have already been sent during the new campaign.

It should be noted that this is not the first long break in Emotet’s activity: according to Spamhaus specialists, the botnet was inactive for about four months last year before resuming work.


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
