Emotet

Emotet is a malware strain and the cybercrime operation behind it. The malware, also known as Geodo (its operators are also tracked under the name Mealybug), was first detected in 2014[1] and remains active; it was rated one of the most prevalent threats of 2019.[2]

Early versions of Emotet functioned as a banking trojan that stole online-banking credentials from infected hosts. Throughout 2016 and 2017, the operators reworked it to act primarily as a "loader": malware whose job is to gain a foothold on a system and then let its operators download and execute additional payloads.[3] These second-stage payloads can be any executable code, from Emotet's own modules to malware developed by other cybercrime gangs.

Initial infection typically proceeds through a malicious macro embedded in an Office document attached to an email. The email is crafted to look like a legitimate reply in an existing conversation: it quotes an earlier message that the victim actually sent, which Emotet obtains from the mailboxes of previously compromised accounts.[4]
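The two traits of that delivery chain, a thread-reply look and a macro-carrying attachment, can be turned into a mail-gateway triage rule. The following script is an added example written for this page; it is not code from the article or from any published Emotet analysis. It builds constructed sample messages (invented addresses, Message-IDs and a placeholder VBA part, not real malware), then flags a message that both reads as a reply (In-Reply-To header or RE:/AW:/FW: subject) and carries an Office attachment that is macro-enabled. For the OOXML formats (.docm, .xlsm) macro presence is visible from the zip listing (a `vbaProject.bin` part); for legacy binary .doc/.xls files only the OLE container can be recognized here, and a proper VBA stream parser such as oletools' olevba would be needed to confirm a macro:

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Optional

# Magic bytes of the legacy binary Office (OLE2/CFB) container used by .doc/.xls files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_office_zip(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML (zip) document, optionally macro-enabled.

    Real .docm files carry compiled VBA in word/vbaProject.bin; the bytes written
    here are a placeholder for that part, not a real VBA project.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA stream
    return buf.getvalue()


def build_eml(attachment: bytes, filename: str, in_reply_to: Optional[str]) -> bytes:
    """Constructed sample message; addresses and Message-IDs are invented."""
    msg = EmailMessage()
    msg["From"] = "partner@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "RE: Invoice 2019-11" if in_reply_to else "Invoice 2019-11"
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
        msg["References"] = in_reply_to
    msg.set_content("Please see the attached document.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def has_vba_project(blob: bytes) -> bool:
    """True if an OOXML container lists a vbaProject.bin part (Word: word/, Excel: xl/)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_message(raw: bytes) -> dict:
    """Flag a message that looks like a thread reply and carries a macro-capable attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    is_reply = (msg.get("In-Reply-To") is not None
                or subject.lower().startswith(("re:", "aw:", "fw:")))
    macro_attachments, legacy_office = [], []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        name = part.get_filename() or "<unnamed>"
        if has_vba_project(payload):
            macro_attachments.append(name)
        elif payload.startswith(OLE_MAGIC):
            # Legacy .doc/.xls: macro presence needs an OLE stream parser (e.g. olevba)
            legacy_office.append(name)
    return {
        "is_reply": is_reply,
        "macro_attachments": macro_attachments,
        "legacy_office_attachments": legacy_office,
        "suspicious": is_reply and bool(macro_attachments or legacy_office),
    }


if __name__ == "__main__":
    sample = build_eml(build_office_zip(True), "Rechnung.docm", "<thread-1@example.invalid>")
    print(triage_message(sample))
```

The result is a triage signal, not a verdict: genuine replies carrying macro-enabled spreadsheets do occur in many organizations, so in practice the flag would route the message to sandboxing or quarantine rather than block it outright.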

It has been widely documented that the Emotet authors use the malware to build a botnet of infected computers and sell access to it in an Infrastructure-as-a-Service (IaaS) style model, referred to in the cybersecurity community as Malware-as-a-Service (MaaS), Cybercrime-as-a-Service (CaaS), or crimeware.[5] Emotet is known for renting access to infected computers to ransomware operations, such as the Ryuk gang.[6]

As of September 2019, the Emotet operation continues to be active, running on top of three separate botnets called Epoch 1, Epoch 2, and Epoch 3.[7]

Noteworthy infections

References

  1. "Emotet's Malpedia entry". Malpedia. 2020-01-03.
  2. Ilascu, Ionut (2019-12-24). "Emotet Reigns in Sandbox's Top Malware Threats of 2019". Bleeping Computer.
  3. Beek, Christiaan. "Emotet Downloader Trojan Returns in Force". McAfee.
  4. Schmidt, Jürgen (2019-06-06). "Trojaner-Befall: Emotet bei Heise" [Trojan infection: Emotet at Heise] (in German). Heise Online. Retrieved 2019-11-10.
  5. Brandt, Andrew (2019-12-02). "Emotet's Central Position in the Malware Ecosystem". Sophos. Retrieved 2019-09-19.
  6. "North Korean APT(?) and recent Ryuk Ransomware attacks". Kryptos Logic.
  7. Cimpanu, Catalin (2019-09-16). "Emotet, today's most dangerous botnet, comes back to life". ZDNet. Retrieved 2019-09-19.
  8. "Malware infection poised to cost $1 million to Allentown, Pa". The Washington Times. Retrieved 2019-11-12.
  9. "Emotet malware gang is mass-harvesting millions of emails in mysterious campaign". ZDNet. Retrieved 2019-11-12.
  10. "Emotet: Trojaner-Angriff auf Berliner Kammergericht" [Emotet: Trojan attack on the Berlin Kammergericht] (in German). Der Spiegel. Retrieved 2019-11-12.
  11. "Emotet: Wie ein Trojaner das höchste Gericht Berlins lahmlegte" [Emotet: How a Trojan paralysed Berlin's highest court] (in German). Frankfurter Allgemeine Zeitung. Retrieved 2019-11-12.
  12. "Trojaner greift Netzwerk von Humboldt-Universität an" [Trojan attacks Humboldt University network] (in German). dpa via Heise Online. 2019-11-09. Retrieved 2019-11-10.
  13. "Trojaner-Befall: Uni Gießen nutzt Desinfec't für Aufräumarbeiten" [Trojan infection: University of Gießen uses Desinfec't for cleanup] (in German). Heise Online. 2019-12-19. Retrieved 2019-12-22.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.