Malware Distributors Adopt DKIM to Bypass Mail Filters

In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as “Trickbot”. This alert provided recommendations on how businesses can mitigate their exposure to the trojan. Unfortunately, it looks like criminals are also reading US-CERT’s warnings, as they have adopted new techniques to bypass these recommendations.

Emotet was first observed circa 2014 as a banking trojan, and over time it has evolved into a highly effective delivery system for other malware. Today, Emotet assumes numerous roles: it acts as an information stealer, malspammer and dropper. Its ability to spread itself via email, maintain a persistent state, and propagate laterally through networks, while using built-in evasion techniques that elude blue teams, gives defensive teams good reason to be concerned.

Source: Bleeping Computer