{
	"id": "713b9bca-1912-4448-a472-652b5a7dcbd6",
	"created_at": "2026-04-06T01:31:35.974899Z",
	"updated_at": "2026-04-10T13:11:58.03124Z",
	"deleted_at": null,
	"sha1_hash": "430815f0be8f889e9442dd9b4ad46b7c9266e0e1",
	"title": "Emotet-TrickBot malware duo is back infecting Windows machines",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1599070,
	"plain_text": "Emotet-TrickBot malware duo is back infecting Windows machines\r\nBy Lawrence Abrams\r\nPublished: 2020-07-20 · Archived: 2026-04-06 00:52:18 UTC\r\nAfter awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers.\r\nOn July 17th, 2020, after over five months of inactivity, the Emotet Trojan woke up and started massive spam campaigns pretending to be payment reports, invoices, shipping information, and employment opportunities.\r\nCurrent Emotet campaign\r\nThese spam emails contain malicious documents that will install the Emotet trojan on the recipient's computer when they are opened and macros are enabled.\r\nHistorically, once a user became infected with Emotet, the trojan would eventually download and install the TrickBot trojan on the infected computer.\r\nIt wasn't until today, though, that Binary Defense researcher James Quinn told BleepingComputer that he began to see Emotet once again installing the TrickBot trojan.\r\nTrickBot and why it is so dangerous\r\nTrickBot is an advanced malware that infects Windows machines and is commonly seen targeting enterprise networks.\r\nWhat makes TrickBot so dangerous is that it will download modules that perform various malicious activities on an infected computer.\r\nThis activity includes:\r\nAttempting to spread laterally through a network\r\nStealing Active Directory Services databases\r\nHarvesting login credentials and cookies from browsers\r\nStealing OpenSSH keys\r\nStealing RDP, VNC, and PuTTY credentials\r\nStealing banking credentials\r\nEven worse, though, once TrickBot has finished harvesting anything of value from a compromised network, it will open up a reverse shell to the Ryuk and Conti Ransomware actors.\r\nThis reverse shell will allow the ransomware operators to access the network, steal unencrypted files, and then deploy their ransomware to encrypt all of the network's machines.\r\nNetwork and security administrators need to be sure users on their network are educated adequately on Emotet spam campaigns and do not open any suspicious documents.\r\nFurthermore, if a computer becomes compromised by Emotet, it is likely also compromised by TrickBot.\r\nA full investigation should be launched, which includes assessing whether the infections have spread to other computers on the network.\r\nSource: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/"
	],
	"report_names": [
		"emotet-trickbot-malware-duo-is-back-infecting-windows-machines"
	],
	"threat_actors": [],
	"ts_created_at": 1775439095,
	"ts_updated_at": 1775826718,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/430815f0be8f889e9442dd9b4ad46b7c9266e0e1.pdf",
		"text": "https://archive.orkl.eu/430815f0be8f889e9442dd9b4ad46b7c9266e0e1.txt",
		"img": "https://archive.orkl.eu/430815f0be8f889e9442dd9b4ad46b7c9266e0e1.jpg"
	}
}