skip to Main Content

Cybercrime, Emotet is back with the “Operation Reacharound”

Cryptolaemus: Emotet is back with the “Operation Reacharound”. It is spread via spam emails with a zip, an xls or a doc attachment, which downloads a dll starting the malware infection

Emotet is back. It has been denounced by Cryptolaemus cybersecurity researchers, who tracked the malware since its first appearance and helped international police force to disrupt the botnet on January 2021. According to Brad (@malware_traffic), the malware movements started again on 15 November. It is spread via spam emails carrying a zip, an xls or a doc attachment. This, if opened, contact a link from an internal list and download a dll, starting the infection, as happened until January. The only real difference is Emotet post-infection C2 is now encrypted HTTPS instead of unencrypted HTTP. Furthermore, Cryptolaemus believes that the botnet has been rebuild, using the TrickBot’s existing infrastructure, and dubbed it “Operation Reacharound.”

Back To Top