Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy Command and Control Servers

Created: Thursday, April 25, 2019 - 14:30
Categories: Cybersecurity

New samples of Emotet have been observed using different post-infection traffic than previous versions, according to analysis just published by cybersecurity company Trend Micro. Additionally, that analysis revealed Emotet is attempting to use compromised connected devices as proxy command and control servers to evade detection. These discoveries also show that the malware is being used to compromise and collect vulnerable connected devices, which could become resources for other malicious purposes. The change in post-infection traffic and the use of connected devices show that Emotet is still a constantly evolving and resilient threat. The malware authors are fine-tuning evasion techniques and trying to adapt to security solutions. If left unchecked and undetected, this threat may lead to a substantial loss of money and data for businesses. In its Emotet Technical Alert, the NCCIC estimated Emotet infections have cost some government offices up to $1 million to remediate. Read the article at Trend Micro.