Emotet malware (also referred to as Heodo or Geodo) has been seen in phishing spam campaigns. When it was first spotted in 2014, it acted as a botnet that stole banking credentials. Now used as a backdoor, Emotet loads third-party payloads and modules used for spam, credential theft, email harvesting and spreading across local networks, according to Proofpoint researchers.

Like many other types of ransomware and malware, an Emotet infection typically begins with a phishing email sent to a user, with the most common subjects referring to transactions, payments or invoices. The email body similarly refers to missed or upcoming payments and financial statements, conveying a sense of urgency and importance as all good phishing emails do. Finally, the emails carry Microsoft Word document attachments with macros and malicious URLs, which contain downloaders that attempt to download the Emotet payload.
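The lure traits described above can be checked mechanically during mail triage. The following is an added example, not code from Proofpoint or from the original article: a heuristic that reports which of those traits a raw message shows. The keyword list, function names and sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject themes named in the text above; the keyword list is an assumption.
FINANCE = re.compile(r"\b(transaction|payment|invoice)s?\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.dot container

def macro_capable_word(name, data):
    """True for an OOXML Word file carrying vbaProject.bin or a legacy OLE .doc."""
    if data.startswith(OLE_MAGIC) and (name or "").lower().endswith((".doc", ".dot")):
        return True  # the legacy format can hold macros, so flag it for review
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw):
    """Return the list of lure traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    reasons = []
    if FINANCE.search(str(msg.get("Subject", ""))):
        reasons.append("finance-themed subject")
    if body is not None and URL.search(body.get_content()):
        reasons.append("URL in body")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if macro_capable_word(part.get_filename(), data):
            reasons.append("macro-capable Word attachment")
    return reasons

def build_sample(subject, with_macro):
    """Constructed test message; the attachment is an empty stand-in ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"")
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Your statement is attached: http://example.invalid/doc")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    return m.as_bytes()
```

A message matching all three traits is a candidate for quarantine and analyst review; any single trait on its own is common in legitimate mail.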

