Reversing Labs cybersecurity experts: Whoever opened the malicious Word attachment still had to make multiple additional clicks to activate the embedded malware.
Cryptolaemus: A white knight has put the Emotet cybercrime gang in trouble. Someone hacked into the malware’s distribution sites and replaced the malicious payloads with memes and images
A “white knight” has attacked the cybercrime group behind the latest worldwide Emotet campaign. This was reported by the Cryptolaemus cyber security experts, according to Bleeping Computer. MalwareHunterTeam, however, added: “Hearing many people talking about ‘Emotet hacked’, how there is an ‘ongoing battle’, etc. I just say one thing: if this is a real hack, it means Emotet actors clearly did not give enough fs. And as long as this is still going on, it can be said they are still not giving. That’s it”. This came after someone hacked into the malware’s distribution sites and replaced the malicious payloads with memes and images (GIFs). The counter-offensive has been going on for the past few days, providing some respite from Emotet spamming while the threat actor figures out how to regain control over its distribution sites.
The cyber security experts: This sudden and unexpected counter-offensive forced the criminals to pause their spamming, but the war is not over
According to the cyber security experts, Emotet’s distribution relies on hacked websites where the actors store the payloads used in their spam campaigns. When victims fall for the ruse and open the malicious spam attachments, the executed macros retrieve the malware payload from compromised sites in the botnet’s network. Without a payload, however, the victim’s computer does not fall into Emotet’s grip. So whoever is replacing the malicious code in the botnet’s distribution network is doing users a huge favor and also keeping the threat actor busy. Researchers saw images of James Franco at first; later, Emotet’s hacked sites served the Hackerman meme. However, this war is still ongoing. The cyber criminals have put their spamming activity on standby because of this sudden counter-offensive, but they will likely make changes to protect and restart their operations.
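The observation above (a distribution site that once served an executable now returns a GIF) is something a defender can check mechanically by looking at the magic bytes of whatever a suspected distribution URL hands back. The script below is an added example, not code from the article or from Cryptolaemus: the URLs and byte blobs are constructed placeholders (`.invalid` hostnames, a synthetic minimal PE header), and in practice the URL list would come from a threat-intelligence feed and the blobs from a sandboxed fetch. It classifies each blob by file-format header and flags only the sites still serving something a macro could execute.

```python
"""Triage blobs fetched from suspected Emotet distribution URLs by file-type magic bytes.

Added example (not from the article). URLs and blobs below are constructed
placeholders; real distribution URLs would come from a threat-intel feed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Genuine file-format headers used to recognise what a URL is serving.
IMAGE_MAGICS = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
ARCHIVE_MAGICS = {
    "zip_or_ooxml": (b"PK\x03\x04",),                        # .zip / .docx / .xlsm
    "ole_compound": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # legacy .doc / .xls
}


def classify_blob(data: bytes) -> str:
    """Return a coarse file type for the leading bytes of a downloaded blob."""
    if data.startswith(b"MZ"):
        # MZ header: confirm the "PE\0\0" signature at e_lfanew (offset 0x3c)
        # to separate a real PE image from a bare DOS stub or a chance match.
        if len(data) >= 0x40:
            e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe_executable"
        return "mz_dos_stub"
    for kind, magics in {**IMAGE_MAGICS, **ARCHIVE_MAGICS}.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


# Types an Emotet macro could meaningfully run after downloading them.
EXECUTABLE_KINDS = {"pe_executable", "zip_or_ooxml", "ole_compound"}


@dataclass
class Verdict:
    url: str
    kind: str
    still_armed: bool  # True if the site is still serving something runnable


def triage(samples: Iterable[Tuple[str, bytes]]) -> List[Verdict]:
    """Classify each (url, blob) pair and flag the ones still serving payloads."""
    verdicts = []
    for url, blob in samples:
        kind = classify_blob(blob)
        verdicts.append(Verdict(url, kind, kind in EXECUTABLE_KINDS))
    return verdicts


def armed_urls(verdicts: Iterable[Verdict]) -> List[str]:
    """URLs that still hand out an executable rather than a decoy image."""
    return [v.url for v in verdicts if v.still_armed]


def fake_pe() -> bytes:
    """Constructed minimal PE-like blob: 0x40-byte DOS header, e_lfanew -> 'PE\\0\\0'."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)        # exactly 0x40 bytes
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew = 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 64


# Constructed sample: one site still serving an executable, two "defanged"
# with images, one returning a truncated MZ stub that would not run.
SAMPLES = [
    ("http://compromised-site-1.invalid/wp-content/payload.php", fake_pe()),
    ("http://compromised-site-2.invalid/img/meme.gif", b"GIF89a" + b"\x00" * 32),
    ("http://compromised-site-3.invalid/img/hackerman.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32),
    ("http://compromised-site-4.invalid/old/payload.bin", b"MZ" + b"\x00" * 10),
]

if __name__ == "__main__":
    for v in triage(SAMPLES):
        print(f"{'ARMED ' if v.still_armed else 'benign'} {v.kind:14} {v.url}")
```

Run against the constructed samples, only the first URL is reported as still armed; the two image blobs and the truncated MZ stub are classed as harmless to a macro's download-and-run step. The PE check deliberately goes past the two MZ bytes, because a chance `MZ` prefix (or a DOS-only stub) would otherwise produce false "armed" verdicts when re-checking a list of hundreds of hijacked sites.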