Security researchers at Ebach in a report mentioned TrickBot malware being used as an entry point to distribute a new version of Emotet Botnet on systems previously infected by the former. They have detected on November 14 a new variant in the form of a DLL file being deployed.
Emotet has been termed as the world’s most dangerous malware, it has the ability to act as a “door opener” for threat actors to obtain unauthorized access. Hence has been a trailblazer in much critical data theft and ransomware attacks. As a matter of fact, its loader operation has enabled other malware families such as Trickbot, QakBot, and Ryuk to enter a machine.In Spite of concerted efforts on the part of the law enforcement to automatically uninstall the malware as one from compromised computers in April, it has managed to resurface which is significant. Currently at the time of writing this article an account to malware tracking research project Abuse.ch’s Feodo Tracker shows nine Emotet command-and-control servers are online.
You can access new Emotet loader samples here. Network administrators are strongly recommended to block all relevant IP addresses, to prevent devices from being co-opted into the newly active Emotet botnet.
Lyceum Hackers from Iran Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa
USA Signs Internet Freedom and No-Hack Pact Ignored Since 2018
Ex-Broadcom Engineer accused of Stealing Chip Technology To Share with New Chinese Employer