After almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns.
When Emotet sends spam campaigns the threat actors utilize various email templates that pretend to be invoices, reports, voice mails, holiday party invites, or even invites to a Greta Thunberg climate change demonstration.
These emails include malicious attachments that when opened will install the Emotet trojan.
Once installed, Emotet will use the victim’s computer to send further spam and will also download other infections such as TrickBot, which may ultimately lead to a Ryuk Ransomware infection depending on the target.
Emotet expert Joseph Roosen told BleepingComputer that on December 21st, 2019, Emotet stopped sending spam campaigns even though their command and control servers continued to run and issue updates.
At around 8:30 AM EST today, Roosen told us that Emotet began spewing forth spam campaigns again that target recipients around the world, with a strong focus on the United States.
Emotet is back from the holidays
Current Emotet campaigns being seen today include regular emails and reply-chain attacks pretending to be proof-of-delivery documents, reports, agreements, and statements.
Email security firm Cofense told BleepingComputer that they have seen spam campaigns targeting 82 countries, with a heavy targeting against the United States.