Unfortunately, Emotet, known as one of the most dangerous malware botnets currently in existence is back with improved modules to help hide its presence on infected networks.

This comes from data researchers at a cyber security firm who yesterday Tweeted that Emotet botnets have, unfortunately, had a complete overhaul with redesigned malware and some of its modules now equipped with enhanced anti-malware evasion capabilities.

It’s thought Emotet Botnets have started using a hashbusting technique so as to make sure that the malware’s file hash on each infected system is different. The Tweet also mentioned that Emotet’s code is now using a “a state machine to obfuscate control flow".

Emotet was originally just a banking Trojan, much like Trickbot but over the last few years has been written and rewritten as a malware loader.

It’s estimated that the Malware has had to be removed from nearly 1.5 million systems in Q1, 2 and 3 of 2018 and had become such a threat that last year US-CERT were forced into issuing a specific  alert around Emotet malware.

Once the malware is in a system it can steal passwords from local apps and spread locally to any other machine on a network. From there it’s capable of stealing entire email threads which can be later used in spam campaigns.

The cyber actors behind Emotet are known to run their botnets as a Malware-as-a-Service (MaaS), which, as part of their ongoing scheme, allows other cyber criminals to rent access to Emotet-infected networks, allowing them to just drop in their own malware.