And it's spreading malware. EMOTET Trojan, notorious for stealing banking credentials, is back after months of inactivity. On 15th September the group behind Emotet started massive spam campaign with malicious attachments, targeting Germany, Poland, the UK, Italy and the US. The emails share a financial theme (issues with payment, bill or documentation) and are crafted to seem as a reply to the previous conversation. The attachments are Word documents containing malicious macro code. They present a fake message prompting victims to enable macro content to accept a Microsoft license agreement or their Word will not work beyond September 20.
Cybersecurity researchers speculate that the group behind Emotet rents their botnet to other malicious actors, as Emotet has been found to spread other Trojans (Trickbot and Dreambot) as well as ransomware (Ryuk).