Threat Awareness – Emotet Employing New Tactics to Evade Detection and Infect more Victims

Author: Alec Davison

Created: Tuesday, January 24, 2023 - 19:33

Categories: Cybersecurity

Once again, the infamous Emotet malware has re-emerged with new evasion tactics to increase its chances of remaining undetected and propagating to more victims. As a reminder, successful Emotet attacks typically lead to the delivery of additional malware, including ransomware.

Emotet's developers, who spread the malware primarily via phishing campaigns, constantly update and adapt its attack chain. Two of the latest tactics are a new Server Message Block (SMB) spreader module used for lateral movement and an information stealer specific to Google Chrome that targets financial information. In addition, “new Emotet variants have now moved from 32bit to 64bit, as another method for evading detection,” according to BlackBerry. Lastly, security researchers have observed Emotet campaigns using stolen email reply chains to distribute a malicious Excel attachment that downloads the malware. As WaterISAC reported in November, the difference from prior campaigns is that the Excel file includes additional instructions telling the victim to bypass certain Windows protections, notably in an attempt to get around Microsoft’s default blocking of macros for attachments received from outside the recipient’s organization.

WaterISAC continues to track Emotet and its ever-changing tactics, including in April and June of last year. Members are encouraged to keep abreast of Emotet activity and follow recommended guidance to protect against this enduring threat. Read more at BlackBerry.
