Kaspersky Lab has warned of an explosive increase in Emotet activity for the first time since its return in November 2021.
Note that Emotet is recognized by Europol as the most dangerous malware in the world. The number of attacked users more than tripled, from 2,843 in February 2022 to 9,086 in March, and the number of attempted attacks increased from 16,897 in February to 48,597 in March. In Russia, the number of attacked users increased by more than 60% during this period.
As the Lab explains, Emotet is both a controlled network of infected devices used to attack other devices and malware capable of extracting various types of data, including financial data, from infected devices. Emotet was halted in early 2021 thanks to a concerted effort by law enforcement agencies around the world, but the botnet resurfaced late last year.
Emotet most commonly infects devices via spam emails with a malicious Microsoft Office macro attached. The macro launches a malicious PowerShell command and then a loader, which establishes communication with the command and control server and runs further malicious modules. These modules can perform many different actions on the infected device.
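The macro-to-PowerShell step described above shows up in process-creation telemetry as PowerShell running with an Office application in its ancestry. The following added example (not from Kaspersky or the original article) checks for that over constructed events; the field names, PIDs and paths are assumptions, and it also covers an intermediate process between Office and PowerShell, which goes beyond the direct case in the text.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (hypothetical field names and values).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 220, "ppid": 210, "image": PS},   # Office -> cmd -> PowerShell
    {"pid": 300, "ppid": 100, "image": PS},   # started by the user from Explorer
]

def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Return the nearest Office ancestor of `event`, or None."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    # `seen` and `max_depth` guard against loops in malformed or reused PIDs.
    while parent and parent["pid"] not in seen and len(seen) < max_depth:
        if exe_name(parent["image"]) in OFFICE:
            return parent
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return None

def find_office_spawned_powershell(events):
    """Return (office_pid, powershell_pid) for each PowerShell under Office."""
    # Simplification: PIDs are assumed unique within the batch of events.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if exe_name(e["image"]) in SHELLS:
            ancestor = office_ancestor(e, by_pid)
            if ancestor:
                alerts.append((ancestor["pid"], e["pid"]))
    return alerts

if __name__ == "__main__":
    for office_pid, ps_pid in find_office_spawned_powershell(EVENTS):
        print(f"ALERT: PowerShell pid {ps_pid} descends from Office pid {office_pid}")
```

In production telemetry, key the lookup on a per-process unique identifier rather than the PID, since PIDs are reused over time.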
The current version of Emotet can create automated spam emails that are then spread across the network via infected devices. It also collects email addresses and the emails themselves from the Thunderbird and Outlook applications, as well as passwords from popular browsers.