It’s been discovered that the infamous Emotet Trojan has resurfaced with a new capability – it can check IPs on infected machines to see if malicious email senders are on spam lists, allowing hackers to send malware from an email address that’s guaranteed to get through. This is further proof that organisations need to be bolstering defenses as hackers continue to find ways to slip through the net of traditional AV and detection-based tools.
Expert Comments below:
Fraser Kyne, EMEA CTO at Bromium:
“The Emotet Banking Trojan is one of the most notorious pieces of malware in the wild, so its return comes as little surprise. Hackers are notoriously resourceful and can find ways to improve known attacks to breach the enterprise. Previously, we’ve seen cybercriminals apply polymorphic wrapping to Emotet to evade detection. Now it has gained the ability to check if the infected IP where the malicious email is being sent from is already on a spam list, allowing them to deliver more emails to inboxes without being rejected. This continuous development shows that hackers are looking to maximise financial gain to improve their ROI, helping to keep successful malware strains like Emotet an ever-present danger for the enterprise. Companies need to adopt layered cybersecurity defences that utilise virtualisation to isolate tasks within virtual machines. This renders attacks like Emotet harmless; even if an employee has opened a file, as the hacker will have nowhere to go and nothing to steal, keeping critical IP protected and helping organisations stay one-step ahead of new techniques being deployed by cybercriminals.”