Experts noticed that this week Emotet resumed its activity and after a three-month “rest” began to send malicious spam again. So far, information security specialists have not found any additional payloads. It looks like the malware is just collecting data for future spam campaigns. Let me remind you that we also wrote that Emotet Malware… Continue reading Emotet Has Resumed Activity after a Three-Month Break
Tag: Emotet
Emotet Botnet Resumed Activity after Five Months of Inactivity
The Emotet botnet resumed activity and began sending out malicious spam again after a five-month break, during which the malware practically “lay low.” So far, Emotet is not delivering additional payloads to the infected devices of victims, so it is not yet possible to say exactly what this malicious campaign will lead to. Let me… Continue reading Emotet Botnet Resumed Activity after Five Months of Inactivity
Emotet Malware Operators Found a Bug in Their Bootloader
Emotet malware operators have fixed a bug due to which, after opening a malicious document the system was not infected, and launched a phishing campaign again. Let me remind you, by the way, that at the end of last year we wrote that Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware. Emotet’s main… Continue reading Emotet Malware Operators Found a Bug in Their Bootloader
TrickBot causes crashes on the machines when cybersecurity experts studying it
TrickBot malware has received new features that make it more difficult to investigate and detect — for example, TrickBot has learned to crash the browser when suspicious manipulations are detected. TrickBot is one of the most famous and “successful” malware to date. The malware was first noticed back in 2015, shortly after a series of… Continue reading TrickBot causes crashes on the machines when cybersecurity experts studying it
Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
Emotet now installs Cobalt Strike beacons
The researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, providing immediate access to the network for attackers. Those can use it for lateral movement, which will greatly facilitate extortion attacks. Let me remind you that usually Emotet installs TrickBot or Qbot malware on the victim’s machines, and that one already… Continue reading Emotet now installs Cobalt Strike beacons
In August, the updated Qbot Trojan first entered the top of the most widespread malware
Check Point has released its monthly Global Threat Index for August 2020. According to the researchers, the updated Qbot Trojan (aka QuakBot, Qakbot, and Pinkslipbot) first entered the TOP of the most widespread malware in the world, where it took tenth place. Experts discovered Qbot in 2008; over the years, it has evolved from an… Continue reading In August, the updated Qbot Trojan first entered the top of the most widespread malware
Microsoft recommends Exchange administrators to disable SMBv1
Microsoft strongly recommends administrators disable the SMBv1 protocol on Exchange servers to protect against threats that exploit its vulnerabilities. Let me remind you that Microsoft has been implementing a systematic refusal to use the outdated SMBv1 for a long time. So, since 2016, the company has advised administrators to withdraw from SMBv1 support since this… Continue reading Microsoft recommends Exchange administrators to disable SMBv1
Trojan Emotet is trying to spread through available Wi-Fi networks
Binary Defense analysts noticed that the new version of the Emotet Trojan behaves like a Wi-Fi worm, as it tries to spread and infect new victims through Wi-Fi networks available nearby. Researchers say that to detect the nearest Wi-Fi networks, the malware uses wlanAPI.dll on an already infected machine. Having discovered an available network, Emotet… Continue reading Trojan Emotet is trying to spread through available Wi-Fi networks
Greta Thunberg became the most popular character in phishing campaigns
Check Point analysts prepared a traditional monthly report on the most active threats, the Global Threat Index. Greta Thunberg and Christmas became the most popular topics in spamming and phishing campaigns. For already three months, the Emotet Trojan has occupied one of the leading positions among malware: in December, Emotet affected 13% of organizations worldwide,… Continue reading Greta Thunberg became the most popular character in phishing campaigns