While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn’t mean attackers don’t try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have been observed following a period of relatively low Emotet distribution activity, corresponding with the observance of Orthodox Christmas in certain geographic regions. These new malicious efforts involve sending victims malicious Microsoft Word attachments with embedded macros that download Emotet.

This latest strain has also gained the ability to check whether the IP address of the infected host sending the malicious email is already listed on a spam blacklist. This could allow attackers to deliver more emails to users’ inboxes without being blocked by spam filters.
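The delivery vector described above is a Word attachment carrying an embedded VBA macro. The following is an added example (not Talos code and not tied to any specific Emotet sample) of a mail-gateway triage check that flags OOXML Word attachments containing a VBA project; the sample attachments are constructed in memory, and legacy binary `.doc` files would need an OLE parser instead.

```python
import io
import zipfile

# Parts that only exist when a VBA project is embedded in an OOXML Word document.
MACRO_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_macros(data: bytes) -> bool:
    """Return True if an OOXML Word attachment carries an embedded VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if MACRO_PART in names:
                return True
            # Fall back to the content-type manifest in case the binary part was renamed.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return MACRO_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        return False  # not an OOXML container (a legacy .doc needs OLE2 parsing)
    return False


def _build_sample(with_macro: bool) -> bytes:
    """Constructed sample attachment for demonstration, not a real malicious document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = ('<?xml version="1.0"?><Types><Override PartName="/word/document.xml" '
              'ContentType="application/vnd.openxmlformats-officedocument.'
              'wordprocessingml.document.main+xml"/>')
        if with_macro:
            ct += f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0 constructed placeholder")
        ct += "</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def triage(attachments):
    """Return the attachment names that should be quarantined for review."""
    return [name for name, blob in attachments if has_vba_macros(blob)]


if __name__ == "__main__":
    samples = [("invoice.docm", _build_sample(True)), ("memo.docx", _build_sample(False))]
    print(triage(samples))  # ['invoice.docm']
```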



Talos Group

Talos Security Intelligence & Research Group