Emotet: International operation takes down world’s most dangerous malware


Emotet, considered to be the most dangerous malware botnet in the world, has been stopped thanks to an international takedown.

Coordinated by the European Union Agency for Law Enforcement Cooperation (Europol) and the EU's judicial cooperation agency Eurojust, the global operation brought together investigators from the United States, the United Kingdom, Canada, France, the Netherlands, Germany, Lithuania and Ukraine.

The operation, which had been in the works for the past two years, is believed to be one of the biggest moves against cyber-criminal organisations and malware strains in years.

Emotet was first detected as a banking trojan in 2014 and was updated over the years into something far more dangerous: a modular loader that gave criminals a foothold on infected systems, from which they could steal passwords and other sensitive information and drop further malicious software. Making it all the more difficult to stop was its polymorphic make-up: the code was rebuilt with different bytes each time it was served to a new victim, so antivirus signatures and file-hash blocklists written for one sample did not match the next.
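To make the point about polymorphism concrete, here is an added illustration (not Emotet's code, nor anything from Europol or Avast). A toy "payload" string, constructed for the example, is XOR-encoded with a fresh random key and prefixed with a fixed decoder stub, which is the general shape of a polymorphic loader. Two variants carry identical behaviour but different bytes, so a hash blocklist built from one misses the other, while a pattern written for the invariant part (the stub) still matches both. The stub layout, the pattern and the payload text are all assumptions made for the demonstration.

```python
import hashlib
import os
import re
from typing import Optional

# Constructed stand-in for a malware body; it is just a string, not real code.
PAYLOAD = b"connect to c2; steal credentials; send spam to contacts"

# Hypothetical decoder stub: magic marker | key length (1 byte) | key | XOR-encoded body.
STUB_MAGIC = b"DECODE\x01"


def make_variant(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Build one polymorphic variant.

    Every call with a fresh key produces a different byte sequence, even
    though decoding always yields the same payload.
    """
    if key is None:
        key = os.urandom(8)
    if not 1 <= len(key) <= 32:
        raise ValueError("key length must be 1..32 bytes")
    encoded = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return STUB_MAGIC + bytes([len(key)]) + key + encoded


def decode_variant(blob: bytes) -> bytes:
    """Reverse make_variant: read the embedded key and undo the XOR."""
    if not blob.startswith(STUB_MAGIC):
        raise ValueError("not a variant produced by this stub")
    klen = blob[len(STUB_MAGIC)]
    key = blob[len(STUB_MAGIC) + 1 : len(STUB_MAGIC) + 1 + klen]
    body = blob[len(STUB_MAGIC) + 1 + klen :]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def hash_match(blob: bytes, known_hashes: set) -> bool:
    """Hash-based detection: does this exact file appear on a blocklist?"""
    return sha256_hex(blob) in known_hashes


# Structural signature: the stub marker followed by a plausible key length.
# It ignores the key and the encoded body, which are the parts that change.
STUB_PATTERN = re.compile(rb"DECODE\x01[\x01-\x20]")


def stub_match(blob: bytes) -> bool:
    """Pattern-based detection on the invariant decoder stub."""
    return STUB_PATTERN.search(blob) is not None


def demo() -> dict:
    """Generate two variants and compare both detection strategies."""
    v1 = make_variant(PAYLOAD)
    v2 = make_variant(PAYLOAD)
    blocklist = {sha256_hex(v1)}  # analyst only ever saw the first sample
    return {
        "bytes_differ": v1 != v2,
        "same_behaviour": decode_variant(v1) == decode_variant(v2) == PAYLOAD,
        "hash_catches_v2": hash_match(v2, blocklist),  # expected False
        "stub_catches_v2": stub_match(v2),             # expected True
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The lesson for defenders is the one the takedown story implies: indicators tied to individual samples age quickly against a polymorphic loader, so detection has to key on what the attacker cannot cheaply change, such as the decoder logic, the behaviour once decoded, or the command-and-control infrastructure itself.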

There were a number of large-scale attacks, including on Germany’s Berlin Court of Justice and petroleum and natural gas giant Saudi Aramco.

“The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale,” said Europol. “Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware.”

Europol said it took Emotet down “from the inside,” seizing the botnet's command-and-control servers and redirecting infected computers and devices to a “law enforcement-controlled infrastructure.” Cutting off the command layer stops Emotet from receiving new instructions, but it does not remove whatever secondary malware was already delivered to a victim machine, so infected hosts still need to be identified and cleaned.

“The take-down of Emotet is a milestone in the fight against cybercrime,” said Adolf Streda, Malware Analyst at cybersecurity software company Avast.

“Emotet has been like a Swiss army knife, with functionalities to steal people’s passwords, steal money from their bank accounts, and also adding victims’ machines to botnets to launch further phishing campaigns. It has been using strong obfuscation methods to avoid being captured by antivirus solutions, and it has been offered by the original threat actors as malware-as-a-service to other cybercriminals. Having such a wide reach and many prevalent families linked to their infrastructure is why seeing it disarmed by the authorities is positive news for the world of cybersecurity.”

The Dutch National Police discovered a database containing e-mail addresses, usernames and passwords stolen by Emotet, and have made a lookup tool available so that people can check whether their email address appears in it. Anyone who finds a match should treat the associated passwords as compromised and change them, starting with any account where the same password was reused.



By Guillermo Troncoso

Guillermo is the Editor of Dynamic Business and Manager of film & television entertainment site ScreenRealm.com. Follow him on Twitter.