Emotet and other malware delivery systems.
N2K logoSep 19, 2022

Emotet may have lost ground to some of its criminal rivals, but the botnet is now being used by some groups who are seeking to take Conti's place.

Emotet and other malware delivery systems.

Researchers at AdvIntel have observed more than 1.2 million Emotet infections since the beginning of 2022. Most of the infections (35.7%) are located in the United States. The researchers also warn that the Quantum and BlackCat ransomware groups are now using the malware distribution botnet following the breakup of Conti in June 2022:

“The observed botnet taxonomy attacker flow for Emotet is Emotet -> Cobalt Strike -> Ransomware Operation. What this means is that currently, the way that threat actors primarily utilize Emotet is as a dropper, or downloader for a Cobalt Strike beacon, which deploys a payload allowing threat actors to take over networks and execute ransomware operations.”

BleepingComputer adds that significant spikes in Emotet activity were observed by both AdvIntel and ESET in 2022.

According to Check Point’s visibility, however, the FormBook infostealer replaced Emotet as the most prevalent malware strain in August 2022, followed by the AgentTesla Trojan, the XMRig cryptominer, and the Guloader downloader. Meanwhile, AlienBot, Anubis, and Joker were the top most common mobile malware strains:

“The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, is reflective of how fast the threat landscape can change.”