Emotet Malware Makes A Comeback: What is It And What Prevention Steps Can Employers Take?

Cyber threat researchers from HP Wolf Security recently released their first-quarter report, which identified Emotet spam campaigns as the most common malware family detected. The team found a "27-fold increase in detections resulting from Emotet," which made up nine percent of all malware detected.

Threat analysts think the recent increase in Emotet malware is a sign that rather than departing the scene, Emotet's operators are "building back their strength and investing in growing the botnet."

Notable infection trends include a rise in the use of non-Office-based file structures to hide malicious code, as Microsoft has begun to disable macros. Infected Java Archive (JAR) and JavaScript files also increased compared to the previous quarter, by 476 percent and 42 percent respectively.

There is also growing use of HTML files to smuggle malware past email gateways, as well as an increase in Visual Basic script attacks (fileless attacks), both of which are adept at eluding detection. Some threat actors design Emotet campaigns to set off a chain of multiple infections on one device, which extends their access to the victim's system.

To reduce exposure to this malware risk, security experts advise organizations to develop a "layered approach" to securing system endpoints and to focus on the areas through which systems become infected: email, browsers, and downloads. "Emotet becomes most common malware family in Q1 2022" www.securitymagazine.com (May 12, 2022).


The Emotet family of malware first emerged several years ago. It is known for being at the center of vast email campaigns, and then going dormant for long periods. The last time security experts identified an increase in the Emotet malware was in early 2021. As the above report highlights, it is again on the rise.

Emotet is a Trojan: it hides its malicious code inside seemingly harmless scripts and files. Because Emotet is delivered through an email attachment or a web page link, blocking .exe files and any other attachments that your antivirus software cannot scan helps prevent infection.
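The attachment-blocking advice above, together with the HTML smuggling and script-based delivery described earlier in the article, can be expressed as a small gateway policy check. The following Python script is an added example written for this page; it is not code from the article or from HP Wolf Security. The blocked-extension list, the base64 blob length threshold and the decode-hint patterns are assumptions chosen for illustration, and all sample attachments are constructed, not real captures. It blocks executable and script types (including JAR and JavaScript), recognises a renamed Windows executable by its header, opens ZIP archives to inspect their members, quarantines password-protected archives that cannot be scanned, and quarantines HTML files that combine a large embedded base64 blob with client-side decoding.

```python
import io
import re
import zipfile
from dataclasses import dataclass

# Executable and script types the gateway refuses outright (hypothetical policy list).
BLOCKED_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
    "js", "jse", "wsf", "hta", "jar", "lnk", "ps1", "msi",
}
# File signatures checked so a renamed payload is still recognised.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip"}
MAX_ARCHIVE_DEPTH = 2

# HTML smuggling heuristics: a large base64 blob next to client-side decoding
# or a scripted download. The 2000-character threshold is an assumption.
B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{2000,}={0,2}")
DECODE_HINT = re.compile(rb"atob\(|new\s+Blob\(|msSaveOrOpenBlob|\.download\s*=", re.I)


@dataclass
class Verdict:
    filename: str
    action: str  # "allow", "block" or "quarantine"
    reason: str


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def _sniff(data: bytes):
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def triage_attachment(filename: str, data: bytes, depth: int = 0) -> Verdict:
    """Decide whether one attachment may pass the gateway."""
    ext = _extension(filename)
    kind = _sniff(data)

    if ext in BLOCKED_EXTENSIONS:
        return Verdict(filename, "block", f"blocked extension .{ext}")
    if kind == "exe":
        # Extension says document, bytes say Windows executable.
        return Verdict(filename, "block", "PE header under a non-executable name")

    if kind == "zip" or ext == "zip":
        if depth >= MAX_ARCHIVE_DEPTH:
            return Verdict(filename, "quarantine", "archive nesting too deep to scan")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:
                        # Password-protected member: content cannot be scanned.
                        return Verdict(filename, "quarantine", f"encrypted member {info.filename}")
                    inner = triage_attachment(info.filename, zf.read(info), depth + 1)
                    if inner.action != "allow":
                        return Verdict(filename, inner.action,
                                       f"archive member {info.filename}: {inner.reason}")
        except zipfile.BadZipFile:
            return Verdict(filename, "quarantine", "unreadable archive")
        return Verdict(filename, "allow", "archive members clean")

    if ext in {"html", "htm"} or data.lstrip()[:1] == b"<":
        if B64_BLOB.search(data) and DECODE_HINT.search(data):
            return Verdict(filename, "quarantine",
                           "HTML smuggling indicators (embedded base64 + client-side decode)")

    return Verdict(filename, "allow", "no policy match")


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (not real captures).
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%fake document body\n",
    "invoice.pdf.exe": b"MZ" + b"\x90" * 64,            # double extension
    "quarterly.pdf": b"MZ" + b"\x90" * 64,              # renamed executable
    "docs.zip": build_zip({"readme.txt": b"hello", "update.js": b"var x=1;"}),
    "newsletter.html": b"<html><p>Thanks for reading.</p></html>",
    "statement.html": (b"<html><script>var p=atob('" + b"QUJD" * 600
                       + b"');var f=new Blob([p]);</script></html>"),
}


def run_samples() -> dict:
    """Return {filename: action} for the constructed samples."""
    return {name: triage_attachment(name, data).action for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = triage_attachment(name, data)
        print(f"{v.action:10} {name:18} {v.reason}")
```

The ordering matters: the extension check runs first so that a JAR or JavaScript attachment is refused without opening it, the header check catches an executable renamed to look like a PDF, and archives are only descended to a fixed depth so a nested-archive attachment cannot stall the gateway. Office documents are ZIP containers too, so their members pass through the same checks.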

A continued focus on user practices is also essential to preventing malware attacks. Make sure users have access only to the information they need to perform their work, and keep them educated on safe email and internet practices. Users must treat their email address as personal identification and protect it as such. Help them recognize, and avoid replying to, spam or generic emails from businesses or charities.
