Researchers are seeing signs that Emotet has resurfaced. The botnet was widely used to distribute spam that carried other payloads, including QakBot and Trickbot, which in turn were used to deliver initial access for ransomware infestations with Ryuk, Conti, ProLock, Egregor, and other strains. Europol had disrupted Emotet's infrastructure back in January and arranged for general uninstallation of the malware in April. BleepingComputer reports that Trickbot has recently been observed dropping an Emotet loader onto infected devices. G Data blogged that on Sunday it detected a DLL that appeared to be Emotet; it subsequently confirmed the identification. The Record, which has been in touch with researchers at Cryptolaemus who've been tracking the reappearance of Emotet, writes that the comeback appears to be in its early stages.
The Mirai botnet is also back. Cloudflare says that last week it blocked a DDoS attack from 15,000 IoT bots and unpatched GitLab instances running Mirai. The attack peaked at almost two terabytes per second.
An Android banking Trojan that researchers at Cleafy are calling "SharkBot" is affecting banking customers in Europe. According to The Record, SharkBot appears to be in a relatively early stage of development, but it's enjoying some success by using Automatic Transfer Systems to bypass protections normally provided by multifactor authentication.
Intel has released firmware updates for a privilege-escalation vulnerability in some processors' BIOS. The chipmaker is also addressing, Ars Technica reports, an issue that could allow an attacker with physical access to backdoor some chips. Positive Technologies outlines the bug's implications.