Blog | G5 Cyber Security

Emotet Uses Compromised Devices as Proxy Command Servers

A new Emotet Trojan variant has been observed in the wild with the added capability of using compromised connected devices as proxy command-and-control servers. Trend Micro’s researchers found that the new banking Trojan variant uses randomly generated URI directory paths in its POST requests to better blend in with the host’s outgoing web traffic. Trend Micro detected the new version while analyzing the malware’s network traffic, discovering that it comes with “different POST-infection traffic” and that it is also trying to conceal its real C2 servers.

Source: https://www.bleepingcomputer.com/news/security/emotet-uses-compromised-devices-as-proxy-command-servers/
