The notorious Emotet malware has returned with renewed vigour as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee.
“Hundreds of thousands of emails per day” have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, “the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families.”
Among the primary countries targeted are the U.S., the U.K., Japan, Germany, Italy, France, Spain, Mexico, and Brazil.
The Emotet-related activity was last observed in July 2022, although sporadic infections have been reported since then. In mid-October, ESET revealed that Emotet may be readying for a new wave of attacks, pointing out updates to its “systeminfo” module.
The malware, which is attributed to a threat actor known as Mummy Spider (aka Gold Crestwood or TA542), staged a revival of sorts late last year after its infrastructure was dismantled during a coordinated law enforcement operation in January 2021.