6 May, 2019

New Emotet trojan variant uses different POST-infection traffic to infect users

cyber, detection, threat, attack, problem, virus, laptop, scanner, error, network, spyware, hack, red, aggression, symbol, internet, malware, infection, black, technology, theft, hacking, illustration, crime, pc, web, infected, trojan, thief, danger, message, ransomware, criminal, hacker, worm

  • The malware variant is tracked as Trojan.W97M.POWLOAD and spreads via phishing emails.
  • The email contains a malicious ZIP file, which if opened, results in the download of the malware.


A new variant of Emotet trojan that leverages a new POST-infection traffic technique has been discovered recently. The malware variant is tracked as Trojan.W97M.POWLOAD and spreads via phishing emails.

How does it propagate - According to researchers from Trend Micro, the new sample spreads via spam email with the help of the trojan downloader Powload. The email contains a malicious ZIP file, which if opened, results in the download of the malware. In order to open the file, the victims are required to provide the 4-digit password which is included in the email.

What’s the change in POST-infection traffic - Unlike the previous version, the new variant uses random words and numbers as a URI directory path in order to evade detection.

“Apart from the URI path, the data in the HTTP POST message body has also changed. Previous Emotet samples typically used an HTTP GET request to send victim information to the C&C server, and the data is stored in the Cookie header. The data was encrypted using an RSA key, AES, and then encoded in Base64 before being added to the Cookie value,” the researchers explained.

Worth noting - An investigation of open ports and services reveals that this new variant of Emotet is using vulnerable internet-connected devices as the first layer of C2 server. The vulnerable devices include routers, IP cameras, web servers and more.

“This first layer serves as a proxy that redirects victims to the real Emotet C&C servers, adding another layer of complexity in C&C server communication to make it more difficult to track down the actors behind the Emotet operations. Moreover, compromising vulnerable devices gives them additional resources that they can use for other malicious purposes,” the researchers noted.


Source: cyware.com

Latest News

6 May, 2019

Cyber attacks on small businesses continue to rise: Are you protected?

You may think it’ll never happen to you. You read the news, hear about stories of a friend of a friend, but you never think that you’ll become a cautionary tale— that’s where you’re wrong.

Read More

6 May, 2019

Small businesses are the new target for hackers

If you think your business is safe from cyber attacks because you’re “too small to hack,” think again—small businesses are a major target of hackers precisely because of this mentality.

Read More

6 May, 2019

Hackers are going after your online bank account

Banking and finance sites have the greatest risk for getting hacked, a new report says.

Read More

6 May, 2019

13+ Warning Signs that Your Computer is Malware-Infected

Reached out to your IT guys immediately.


Read More

6 May, 2019

Nearly 1 million new malware threats released every day

Companies are struggling to fend off cyber attacks as hackers get faster, sneakier and more creative.

Read More

6 May, 2019

Facebook stored millions of Instagram passwords in plain text

A lot more than initially state

Read More

Our Professional Services

CCTV Surveillance Services

The Latest Technology In CCTV For Condominiums and Businesses

IT Services And Support

IT Services cater for your needs

Entry-Phone System

The ultimate solution for all your communicating needs

Smarthome solutions

A peak into the future

See What Our Clients Say