Emotet Made Up 61% of Malicious Payloads in Q1

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots

31st May, 2019 1 Min read

The botnet has displaced credential stealers, stand-alone downloaders, and RATs in the overall threat landscape.

Emotet, a form of malware previously classified as a banking Trojan but now considered a botnet, made up 61% of all payloads in the first quarter of 2019, Proofpoint researchers report.

Book a demo today to see GlobalDots is action.

The data comes from Proofpoint’s “Q1 2019 Threat Report.” Researchers who have been tracking Emotet’s evolution say its popularity is reflected in the growth of attacks using malicious URLs. In the first quarter of 2019, emailed cyberattacks using bad links outnumbered those packing malicious attachments by five to one — up 180% from the first quarter of 2019, they report.

Emotet frequently downloads additional modules for sending spam and downloading additional malware. This caused a change in classification, as well as increases in the volume of messages trying to install Emotet. As a result, researchers saw a significant change in the volume of messages by malware family: 61% of payloads were botnets, and all of them were Emotet. The threat is responsible for the inclusion of the “botnet” category in 2019, during which Emotet has displaced credential stealers, stand-alone downloaders, and remote access Trojans (RATs) in the threat landscape.

A central robot with multiple smaller robots connected by wires,featuring a digital display showing 'BOT'.

Latest Articles

Cloud Security Cloud Workload Protection Vulnerability Management

The Security Blind Spot: Business Logic Failures and How to Catch Them

Security leaders know the drill: vulnerability scanners run their course, reports stack up, and yet attackers still slip through. What’s going wrong? We sat down with Yosef Yekutiel, CISO & Data Privacy Officer at MaccabiDent, at GlobalDots’ recent “Red Team Reality Check” event to unpack this gap, and how modern offensive security can fill it. […]

Ganesh The Awesome

27th August, 2025

Monitoring, Logging & Observability

How NetRefer Cut Observability Costs by €96,000 Per Year in Just 3 Months with GlobalDots

Overview NetRefer, a leading iGaming affiliate marketing platform, utilized Azure cloud-native monitoring tools. Shortcomings needed to be resolved, and the business required next-generation observability. Problems that needed to be solved: Through GlobalDots’ expertise in selecting and implementing the right observability solution, NetRefer achieved €96,000 in annual savings and gained real-time observability across their entire platform […]

Ganesh The Awesome

24th July, 2025

Web Security

Vulnerability Assessments vs. Penetration Testing: Key Differences, Use Cases & Best Practices

They’re not interchangeable. A vulnerability assessment identifies known flaws at scale. A penetration test mimics an actual attacker probing for impact. Yet many teams treat them the same. They substitute one for the other, check a compliance box, and move on as if they’re covered. They’re not. And that gap shows up later in real-world […]

Ganesh The Awesome

7th July, 2025

Web Security

Web Application Firewalls (WAFs): The Evolving First Line of Defense in Cloud Security

Modern applications are built for speed, not simplicity. Containers, microservices, and cloud-native deployments have blown up the security perimeter. Traditional tools can’t keep up with this complexity. That’s why Web Application Firewalls (WAFs) matter. But the WAF of 2025 isn’t just an appliance sitting in front of a static website. It’s a flexible, cloud-aware security […]

Ganesh The Awesome

7th July, 2025

Back to Resources

Unlock Your Cloud Potential