Emotet being hijacked by another actor
Emotet is a malware distribution system that has been involved in multiple human-operated ransomware campaigns (for example, Ryuk). It's a pretty common point of entry for threat actors. I've flagged a few times over the years, the last time in 2019, that Emotet uses an insecure malware distribution system.
They use various webshells and techniques to update their malware, both the Word documents and the payload executables. They largely use hacked infrastructure (for example, compromised WordPress sites) to distribute their wares.
Their passwords and techniques for this are known. The net impact is that anybody can replace their payloads.
Emotet returned last week, sending millions of emails. This week, somebody has started replacing the Emotet distribution files with animated GIFs.
My first thought was that the sites were just serving different content to ordinary web requests via .htaccess (so a browser would get the GIF while the real download path still delivered the payload), but from running actual Emotet emails, those were broken too. Emotet is under attack.
Here's a video from BleepingComputer where you can see the impact: Emotet's attack fails to execute:
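The distinction above, between a site that merely cloaks its content per client (an .htaccess rewrite keyed on the request) and one whose payload has genuinely been replaced, can be checked directly: fetch the same distribution URL as different clients and compare what comes back. The following is an added example, not code from the original post or from any Emotet tooling. The User-Agent strings, the fetcher interface and the sample response bytes are all assumptions constructed for illustration; the only facts it relies on are the standard magic bytes of GIF, PE, OLE and ZIP files.

```python
import hashlib
from typing import Callable, Dict

# Standard file signatures for the formats involved: the GIFs that were
# swapped in, and the executables and Word documents Emotet normally serves.
_MAGIC = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "pe"),                                   # Windows executable
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),    # legacy .doc
    (b"PK\x03\x04", "zip"),                          # .docx / .docm container
]


def classify_payload(data: bytes) -> str:
    """Return a coarse file type for a downloaded blob based on its magic bytes."""
    for magic, kind in _MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def probe_distribution_url(fetch: Callable[[str, Dict[str, str]], bytes],
                           url: str,
                           user_agents: Dict[str, str]) -> Dict[str, dict]:
    """Fetch `url` once per client profile and record type, size and hash.

    `fetch(url, headers) -> bytes` is injected (assumption) so the same check
    can run against a real HTTP client or against canned responses offline.
    """
    results = {}
    for name, ua in user_agents.items():
        body = fetch(url, {"User-Agent": ua})
        results[name] = {
            "kind": classify_payload(body),
            "size": len(body),
            "sha256": hashlib.sha256(body).hexdigest(),
        }
    return results


def served_content_varies(results: Dict[str, dict]) -> bool:
    """True when different clients received different bytes, which is what a
    per-client .htaccess rewrite would produce. False when every client got
    the same thing, i.e. the file on disk itself was replaced."""
    return len({r["sha256"] for r in results.values()}) > 1


# Illustrative client profiles (assumed, not observed Emotet traffic).
USER_AGENTS = {
    "browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0",
    "loader": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)",
}

# Constructed sample responses standing in for real downloads.
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff\x3b"
SAMPLE_EXE = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"


def fetch_replaced_everywhere(url: str, headers: Dict[str, str]) -> bytes:
    """Fake fetcher: the payload file itself was overwritten with a GIF."""
    return SAMPLE_GIF


def fetch_cloaked(url: str, headers: Dict[str, str]) -> bytes:
    """Fake fetcher: an .htaccess-style rule shows browsers a GIF but still
    hands the loader the executable."""
    if headers.get("User-Agent", "").startswith("Mozilla/5.0"):
        return SAMPLE_GIF
    return SAMPLE_EXE


if __name__ == "__main__":
    url = "https://example.invalid/wp-content/payload.php"  # placeholder
    for label, fetcher in (("replaced", fetch_replaced_everywhere),
                           ("cloaked", fetch_cloaked)):
        res = probe_distribution_url(fetcher, url, USER_AGENTS)
        print(label, {k: v["kind"] for k, v in res.items()},
              "varies by client:", served_content_varies(res))
```

If every client profile returns the same GIF hash, the file on the compromised host has really been swapped; if the loader profile still gets an `MZ` blob while the browser gets a GIF, the site is cloaking rather than hijacked, and the infection chain will still work.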