Emotet disrupted through global action
Emotet, one of the most active and dangerous botnets, has been taken down by international authorities in an operation coordinated by Europol and Eurojust. One of the most prevalent botnets of the past decade, Emotet first emerged in 2014 as a banking Trojan but evolved into a malware downloader used by many cybercriminals looking to spread their malicious payloads. This email-spamming botnet has been used to distribute malicious Word attachments that in turn install additional malware known as TrickBot and Qbot.
Emotet has become, as Europol described it, “a primary door opener for computer systems on a global scale,” as its operators were selling access to infected computers to cybercrime groups that engaged in activities such as data theft or extortion.
Using automation, Emotet’s operators were spreading the Trojan via malicious email attachments, leveraging a broad range of lures to trick victims into opening them. Some of the emails were masquerading as invoices and shipping notices, while others featured COVID-19 themes.
Malicious documents attached to the emails or linked to in the message would ask the user to enable macros, which allowed malicious code to run in the background and install Emotet.
A few days ago, a joint effort by law enforcement agencies from Germany, the Netherlands, the U.S., the U.K., Lithuania, France, Ukraine, and Canada disrupted the malware’s infrastructure. Having taken control of the botnet, law enforcement is now distributing a module that will uninstall the malware on March 25, 2021. This could be a major interruption that will make it very hard for Emotet to become active again.