Emotet
Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014[1] and remains active; it was deemed one of the most prevalent threats of 2019.[2]
The first versions of the Emotet malware functioned as a banking trojan aimed at stealing banking credentials from infected hosts. Throughout 2016 and 2017, Emotet's operators updated the trojan and reconfigured it to work primarily as a "loader," a type of malware that gains access to a system and then allows its operators to download additional payloads.[3] Second-stage payloads can be any type of executable code, from Emotet's own modules to malware developed by other cybercrime gangs.
Initial infection of target systems often proceeds through a malicious macro in an email attachment. The malicious email is crafted to look like a legitimate reply to an earlier message that was sent by the victim.[4]
It has been widely documented that the Emotet authors have used the malware to create a botnet of infected computers to which they sell access in an Infrastructure-as-a-Service (IaaS) model, referred to in the cybersecurity community as MaaS (Malware-as-a-Service), Cybercrime-as-a-Service (CaaS), or Crimeware.[5] Emotet is known for renting access to infected computers to ransomware operations, such as the Ryuk gang.[6]
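The reply-chain lure described above leaves two traces a mail gateway can check: a subject that claims to be a reply while the message carries no In-Reply-To or References header, and an Office attachment that contains a VBA project. The following triage script is an added example written for this article, not code from the article or from any of the cited sources; the heuristic thresholds, the reply prefixes it recognises, and the sample message and document it builds are all constructed assumptions for illustration.

```python
"""Heuristic triage for reply-chain lures carrying macro-enabled attachments.

Added example, not part of the original article. It parses an RFC 5322
message with the standard library, checks whether a reply-style subject is
backed by threading headers, and inspects Office attachments for an
embedded VBA project (word/xl/ppt/vbaProject.bin inside the OOXML zip).
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Parts that exist only in macro-enabled OOXML documents.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
OFFICE_EXT = (".docm", ".xlsm", ".pptm", ".docx", ".xlsx", ".doc", ".xls")
# Assumed reply/forward prefixes (English plus the German "AW:" / "WG:").
REPLY_PREFIXES = ("re:", "aw:", "fw:", "fwd:", "wg:")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls


def attachment_has_vba(data: bytes) -> bool:
    """True if an OOXML attachment carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    return any(part in names for part in VBA_PARTS)


def triage_message(raw: bytes) -> dict:
    """Return findings and a verdict ('block', 'review' or 'allow')."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    looks_like_reply = subject.lower().startswith(REPLY_PREFIXES)
    has_thread_headers = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    if looks_like_reply and not has_thread_headers:
        findings.append("reply-subject-without-threading-headers")
    risky_attachment = False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if not name.endswith(OFFICE_EXT):
            continue
        if attachment_has_vba(data):
            findings.append(f"macro-attachment:{name}")
            risky_attachment = True
        elif data.startswith(OLE2_MAGIC):
            # Legacy OLE2 container: macros cannot be ruled out by zip inspection.
            findings.append(f"legacy-ole-office-attachment:{name}")
            risky_attachment = True
    if risky_attachment and looks_like_reply and not has_thread_headers:
        verdict = "block"
    elif risky_attachment:
        verdict = "review"
    else:
        verdict = "allow"
    return {"subject": subject, "findings": findings, "verdict": verdict}


def build_sample_macro_doc() -> bytes:
    """Constructed stand-in for a macro-enabled .docm (zip skeleton only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


def build_sample_email(with_thread_headers: bool, attachment: bytes) -> bytes:
    """Constructed message that mimics a reply-chain lure (addresses invented)."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.net"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Re: Invoice for November"
    if with_thread_headers:
        msg["In-Reply-To"] = "<original-1234@example.org>"
        msg["References"] = "<original-1234@example.org>"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return bytes(msg)


if __name__ == "__main__":
    doc = build_sample_macro_doc()
    print(triage_message(build_sample_email(False, doc)))  # lure: verdict block
    print(triage_message(build_sample_email(True, doc)))   # threaded: verdict review
```

The check is deliberately conservative: a genuine reply with a macro document still lands in "review" rather than "allow", because threading headers are trivial to forge, while a reply-style subject with no threading headers and a macro payload is the combination the lure relies on.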
As of September 2019, the Emotet operation continues to be active, running on top of three separate botnets called Epoch 1, Epoch 2, and Epoch 3.[7]
Noteworthy infections
- Allentown, city in Pennsylvania, United States (2018)[8][9]
- Heise Online, publishing house based in Hanover, Germany (2019)[4]
- Kammergericht Berlin, the highest state court of Berlin, Germany (2019)[10][11]
- Humboldt University of Berlin, university in Berlin, Germany (2019)[12]
- Universität Gießen, university in Germany (2019)[13]
References
- "Emotet's Malpedia entry". Malpedia. 2020-01-03.
- Ilascu, Ionut (2019-12-24). "Emotet Reigns in Sandbox's Top Malware Threats of 2019". Bleeping Computer.
- Beek, Christiaan. "Emotet Downloader Trojan Returns in Force". McAfee.
- Schmidt, Jürgen (2019-06-06). "Trojaner-Befall: Emotet bei Heise" (in German). Heise Online. Retrieved 2019-11-10.
- Brandt, Andrew (2019-12-02). "Emotet's Central Position in the Malware Ecosystem". Sophos. Retrieved 2019-09-19.
- "North Korean APT(?) and recent Ryuk Ransomware attacks". Kryptos Logic.
- Cimpanu, Catalin (2019-09-16). "Emotet, today's most dangerous botnet, comes back to life". ZDNet. Retrieved 2019-09-19.
- "Malware infection poised to cost $1 million to Allentown, Pa". washingtontimes.com. The Washington Times. Retrieved 2019-11-12.
- "Emotet malware gang is mass-harvesting millions of emails in mysterious campaign". zdnet.com. ZDNet. Retrieved 2019-11-12.
- "Emotet: Trojaner-Angriff auf Berliner Kammergericht". spiegel.de (in German). Der Spiegel. Retrieved 2019-11-12.
- "Emotet: Wie ein Trojaner das höchste Gericht Berlins lahmlegte". faz.net (in German). Frankfurter Allgemeine Zeitung. Retrieved 2019-11-12.
- "Trojaner greift Netzwerk von Humboldt-Universität an". dpa (in German). Heise Online. 2019-11-09. Retrieved 2019-11-10.
- "Trojaner-Befall: Uni Gießen nutzt Desinfec't für Aufräumarbeiten" (in German). Heise Online. 2019-12-19. Retrieved 2019-12-22.