Emotet Makes Another Comeback with New Tactics, Techniques and Procedures
New analysis of Q3 shows Emotet attacks on the rise, complete with new methods and features that have impacted governments and enterprise businesses alike.
The banking trojan Emotet has been around since 2019, but it seems to have nine lives: it continues to evolve and repeatedly resurfaces after quiet periods. According to Recorded Future’s Cyber Threat Analysis report for Q3 of 2020, campaigns involving the trojan show it has been undergoing modifications that make it more successful at infecting systems:
- The replacement of TrickBot with QakBot as a final payload
- A 1,000 percent increase in Emotet downloads, correlating with Emotet’s packer change, which causes the Emotet loader to have a lower detection rate across anti-virus software
- Operators using new Word document templates
- Operators using password protected archives containing malicious macros to bypass detections
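The last item in the list, password-protected archives wrapping macro-enabled Office documents, is worth a concrete defensive check: an encrypted archive cannot be scanned, so mail and endpoint filters should flag it on that basis alone. The following is an added example, not code from the article or from Recorded Future, and it assumes the archive format is ZIP (the page does not say which format operators used). Since Python's `zipfile` cannot write encrypted archives, the sample builder constructs a plain ZIP and then sets the "encrypted" general-purpose flag bit by hand to mimic a password-protected one; the assessment only reads archive metadata, so it never needs the password.

```python
import io
import zipfile

# Office formats that can carry VBA macros (assumed list for illustration).
OFFICE_MACRO_SUFFIXES = (".doc", ".docm", ".dot", ".dotm",
                         ".xls", ".xlsm", ".ppt", ".pptm")


def build_sample_archive(encrypted: bool) -> bytes:
    """Return a constructed ZIP holding one dummy .doc entry.

    zipfile cannot write password-protected archives, so when `encrypted`
    is True we flip bit 0 (the 'encrypted' flag) of the general-purpose
    flag field in both the local file header (offset 6) and the central
    directory header (offset 8). The payload bytes are placeholders, not
    a real document.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"placeholder document bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                data[pos + flag_offset] |= 0x01
                pos = data.find(signature, pos + 1)
    return bytes(data)


def assess_archive(blob: bytes) -> dict:
    """Inspect ZIP metadata and report whether it matches the pattern
    described in the article: an encrypted archive that wraps an Office
    document. Only the central directory is parsed, so an encrypted
    archive is handled without a password."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        entries = zf.infolist()
    encrypted_entries = [e.filename for e in entries if e.flag_bits & 0x01]
    office_entries = [e.filename for e in entries
                      if e.filename.lower().endswith(OFFICE_MACRO_SUFFIXES)]
    # A scanner cannot open the encrypted entries, so the safe decision is
    # to quarantine the message rather than let the archive through unscanned.
    suspicious = bool(encrypted_entries) and bool(office_entries)
    return {
        "encrypted_entries": encrypted_entries,
        "office_entries": office_entries,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("encrypted" if flag else "plain", assess_archive(build_sample_archive(flag)))
```

In a mail gateway the same check would run over each attachment, and the `encrypted_entries` list is enough on its own to justify holding the message, since the filter has no way to verify the contents.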
Recorded Future’s analysts note that while Emotet will “continue to employ major pauses, we believe it is highly likely that Emotet will continue to be a major threat and impact organizations across a variety of industries throughout the end of the year and into 2021.”
We’ve seen Emotet involved in attacks on government agencies and employed in a malware-as-a-service model. The changes made in Q3 indicate its authors are paying attention to how it is being detected and blocked, and are changing tactics to stay viable and successful in their goal of infecting endpoints.