The malware initially spreads through email spam.
Naked Security explains:
Network worms and Trojan malware are back with a vengeance. A good example is WannaCry, which infected hundreds of thousands of computers across the globe in May. Now comes Emotet – malware with worm and trojan characteristics that exploits weak admin passwords to spread across a victim’s network.
SophosLabs has seen a surge in Emotet cases in the past week and has blocked it from customer computers. Its payload is a form of banking Trojan designed to steal a user’s online banking details. Labs researcher Tad Heppner described it this way:
Emotet is a trojan although it also contains the functionality necessary to be classified as a worm. The primary distinction is that a trojan requires some degree of social engineering to trick a human into enabling the spread of the infection whereas a worm can spread to other systems without the aid of a user. Emotet downloads then executes other payloads, so even though its core component is not directly a worm, it does have the potential to download and execute another component to spread itself to other systems.