Emotet Banking Trojan Resurfaces With New Spam Avoidance Capabilities

By ISBuzz Team
Writer, Information Security Buzz | Jan 21, 2019 04:30 am PST

The infamous Emotet Trojan has resurfaced with a new capability: it can check whether the IP address of an infected machine used to send malicious email is on a spam list, allowing hackers to send malware from an email address that’s guaranteed to get through. This is further proof that organisations need to bolster their defenses as hackers continue to find ways to slip through the net of traditional AV and detection-based tools.

Expert Comments below:

Fraser Kyne, EMEA CTO at Bromium:

“The Emotet Banking Trojan is one of the most notorious pieces of malware in the wild, so its return comes as little surprise. Hackers are notoriously resourceful and can find ways to improve known attacks to breach the enterprise. Previously, we’ve seen cybercriminals apply polymorphic wrapping to Emotet to evade detection. Now it has gained the ability to check if the infected IP where the malicious email is being sent from is already on a spam list, allowing them to deliver more emails to inboxes without being rejected. This continuous development shows that hackers are looking to maximise financial gain to improve their ROI, helping to keep successful malware strains like Emotet an ever-present danger for the enterprise. Companies need to adopt layered cybersecurity defences that utilise virtualisation to isolate tasks within virtual machines. This renders attacks like Emotet harmless, even if an employee has opened a file, as the hacker will have nowhere to go and nothing to steal, keeping critical IP protected and helping organisations stay one step ahead of new techniques being deployed by cybercriminals.”
