cloudThing logo in white
Menu open icon
tel: +44 (0) 121 393 4700
Menu closed icon


Generally useful pages


We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

Keyboard underlit with red light

Heads Up Everyone… Emotet Malware Is Back And Worse Than Ever

Mon Apr 27 2020

After months of inactivity experts warn Emotet bots are becoming active again

Unfortunately, Emotet, known as one of the most dangerous malware botnets currently in existence is back with improved modules to help hide its presence on infected networks.

This comes from data researchers at a cyber security firm who yesterday Tweeted that Emotet botnets have, unfortunately, had a complete overhaul with redesigned malware and some of its modules now equipped with enhanced anti-malware evasion capabilities.

open quote mark

Emotet is back and better (worse) than before. After months of inactivity, all botnets are showing signs of life and utilising new evasion techniques. Botnet E2 is currently deploying credential and email stealing modules, likely in preparation for a new spam campaign.

Branches are flattened into nested loops, allowing code blocks to be places in arbitrary order, with flow controlled by a randomised state value. This allows for easy code mutation and possibly polymorphism.

Researchers at MalwareTech

close quote mark

It’s thought Emotet Botnets have started using a hashbusting technique so as to make sure that the malware’s file hash on each infected system is different. The Tweet also mentioned that Emotet’s code is now using a “a state machine to obfuscate control flow".


Emotet was originally just a banking Trojan, much like Trickbot but over the last few years has been written and rewritten as a malware loader.

It’s estimated that the Malware has had to be removed from nearly 1.5 million systems in Q1, 2 and 3 of 2018 and had become such a threat that last year US-CERT were forced into issuing a specific  alert around Emotet malware.


Once the malware is in a system it can steal passwords from local apps and spread locally to any other machine on a network. From there it’s capable of stealing entire email threads which can be later used in spam campaigns.


The cyber actors behind Emotet are known to run their botnets as a Malware-as-a-Service (MaaS), which, as part of their ongoing scheme, allows other cyber criminals to rent access to Emotet-infected networks, allowing them to just drop in their own malware.

Not quite ready to get back to work just yet?

The 7 Stages Of A Successful AI Project

AI Trained To Spot Humans vs Bots on Twitter

Sainsbury's Opts For Blue Yonder's AI-Powered Platform

Contact Us

If you think your cyber security needs beefing up cloudThing will be happy to have a chat with you about the best steps forward. 



Company Name

Email Address


Telephone Number

Is there anything else you'd like to know?

© cloudThing 2021

Mon Apr 27 2020

© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739