First identified in 2014, EMOTET was a troublesome trojan used to steal data from banking institutions. According to researchers from Trend Micro, new variants were found spreading via spam bots this August. SC Magazine reports that the new EMOTET variants have been targeting multiple geographical regions, with each variant able to drop a different payload and spread in multiple ways.
While previous versions of the EMOTET trojan targeted the banking sector specifically, these new variants have been discovered targeting other industries such as manufacturing, food and beverage, and healthcare. Victims are usually infected through a malicious URL in phishing emails that claim to be invoices or payment notifications. Once downloaded, the trojan registers itself as a system service and takes steps to make sure it is executed automatically during system startup.
Here’s some more information from SC Magazine about how these new EMOTET variants spread: “The newer variants are also spreading primarily through spam botnets as well as via a network propagation module that brute forces its way into an account domain using a dictionary attack. Some variants also use compromised URLs as C&C servers likely helped it spread as well.”
Most of the recent infections are in the United States, and a smaller number were found in Canada and the United Kingdom. It’s a good reminder for security pros that we need to take old threats seriously. You never know when a modified version of an old malware strain might resurface.