Emotet-TrickBot malware duo is back infecting Windows machines
By Lawrence Abrams
Published: 2020-07-20 · Archived: 2026-04-06 00:52:18 UTC
After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on
infected Windows computers.
On July 17th, 2020, after over five months of inactivity, the Emotet Trojan woke up and started massive spam campaigns
pretending to be payment reports, invoices, shipping information, and employment opportunities.
Current Emotet campaign
These spam emails contain malicious documents that will install the Emotet trojan on the recipient's computer when opened
and macros enabled.
https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
Page 1 of 4

0:00
https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
Page 2 of 4

Visit Advertiser websiteGO TO PAGE
Historically, once a user became infected with Emotet, the trojan would eventually download and install the TrickBot trojan
on the infected computer.
It wasn't until today, though, that Binary Defense researcher James Quinn told BleepingComputer that he began to see
Emotet once again installing the TrickBot trojan.
TrickBot and why it is so dangerous
TrickBot is an advanced malware that infects Windows machines and is commonly seen targeting enterprise networks.
What makes TrickBot so dangerous is that it will download modules that perform various malicious activities on an infected
computer.
This activity includes:
Attempting to spread laterally through a network
Steal Active Directory Services databases
Harvest login credentials and cookies from browsers
Steal OpenSSH keys
Steals RDP, VNC, and Putty credentials
Steals banking credentials
Even worse, though, once TrickBot has finished harvesting anything of value from a compromised network, it will open up a
reverse shell to the Ryuk and Conti Ransomware actors.
This reverse shell will allow the ransomware operators to access the network, steal unencrypted files, and then deploy their
ransomware to encrypt all of the network's machines.
Network and security administrators need to be sure users on their network are educated adequately on Emotet spam
campaigns and not open any suspicious documents.
Furthermore, if a computer becomes compromised by Emotet, likely, they are also compromised by TrickBot.
A full investigation should be launched, which includes assessing whether the infections have spread to other computers on
the network.
https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
Page 3 of 4

Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the
other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic
questions for any tool evaluation.
Source: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
Page 4 of 4