Why Emotet Remains An Active Threat | Avast

David Strom, 29 July 2020

Emotet has cropped up again, and this time, there's more to the story



One of the longest-running and most damaging malware strains has once again returned to the scene. Called Emotet, it started out life as a simple banking Trojan when it was created back in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MUMMY SPIDER.
Its history has been tracked by researchers, such as this timeline from Proofpoint:
[Figure: Emotet timeline. Credit: Proofpoint]

As you can see, it has been through numerous enhancements and improvements. By 2017, its creators had expanded its attacks to deliver various banking Trojans (including Qakbot and TrickBot) and steal browser-stored passwords. Compromised PCs would be recruited to help form a botnet that was then used to launch additional phishing attacks. A report from Bromium issued in June 2019 tracked its evolution up until that moment in time. The report documents how Emotet’s owners or operators have shifted their strategy from stealing bulk data to selling their malware as a service for others to ply their trade.
What made Emotet interesting was its well-crafted obfuscation methods. It was one of the early malware samples to deploy polymorphic code to vary its size and attachments, meaning that it would change its form and procedures to try to evade detection. It also used multi-stage installation procedures and encrypted communications channels. Over the years, it has had some very clever lures, such as sending spam emails containing either a UR ..
