Emotet Returns from the Holidays with New Tricks

Following a short period of low activity during the holiday, Emotet operators are back at distributing through malicious email campaigns a new strain of their payload that carries new tricks. The message target users speaking different languages, luring them into opening an attached document laced with code that pulls in and installs the malware. The new variant can also check if the recipient’s/victim’s IP address is blacklisted or on a spam list maintained by services like Spamhaus, SpamCop, or SORBS. “This could allow attackers to deliver more emails to users’ inboxes without any pushback from spam filters,” researchers at Cisco Talos say.  Also with the purpose of evading spam filters, Emotet has the ability to change the subject line. The tactic was observed in past campaigns. Read the full article at Bleeping Computer.