A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs
Emotet botnet activity goes down as Emotet admins are wrestling with a vigilante for control over parts of their infrastructure.
An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.
The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation.
According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet's payload downloads.
Emotet, considered today's most dangerous malware strain/botnet, was recently silent for more than five months and came back to life last week.
Since Tuesday, an unknown vigilante appears to have discovered this common password and has been abusing this weakness in the botnet's infrastructure to sabotage Emotet's comeback.
The unknown intruder has been replacing Emotet payloads on some of the hacked WordPress sites with animated GIFs – which means that when Emotet victims open the malicious Office files, they won't get infected as the Emotet malware won't get downloaded and executed on their systems.
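Because the sabotage swaps the payload file rather than the download URL, telemetry alone can't distinguish a blocked infection from a real one. The following Python is an added illustration, not code from the article or from Cryptolaemus, showing how a defender triaging captured downloads can sort them by magic bytes (GIF vs. Windows PE); the sample byte strings are constructed, not real Emotet data.

```python
import struct

# Constructed sample "downloads", shaped like what a sandbox or proxy might
# capture: a GIF89a header and a minimal DOS stub pointing at a PE signature.
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 32
SAMPLE_PE = (b"MZ" + b"\x00" * 58            # DOS header up to offset 0x3C
             + struct.pack("<I", 0x40)       # e_lfanew -> PE header at 0x40
             + b"PE\x00\x00" + b"\x00" * 20) # "PE\0\0" signature


def classify_download(data: bytes) -> str:
    """Classify a fetched payload by its leading bytes.

    Returns "gif" for GIF87a/GIF89a, "pe" for a DOS header whose e_lfanew
    points at a valid "PE\\0\\0" signature, "mz-only" for an MZ stub without
    a PE header, and "unknown" for anything else.
    """
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-only"
    return "unknown"


def triage(records):
    """records: iterable of (url, bytes) pairs.

    Returns a dict of counts per class, so an analyst can see what fraction
    of observed download URLs served a GIF instead of a loader at capture time.
    """
    counts = {}
    for _url, data in records:
        kind = classify_download(data)
        counts[kind] = counts.get(kind, 0) + 1
    return counts
```

A capture classified as "gif" means the victim opened the lure but no loader ran; a "pe" result is the case that still needs full incident handling.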
Over the past three days, the intruder has replaced the Emotet payloads with multiple popular GIFs.
The first, spotted on Tuesday, is this Blink 182 "WTF" GIF.
On the second day, the attackers moved to using a James Franco GIF.
After that, we had the Hackerman GIF.