Emotet

What is it?

Malware Trends Tracker names Emotet as the most widely spread piece of malware in the world. It was first recorded in 2014 as a pure banking Trojan, but it has since evolved: it now downloads and installs other malware, including TrickBot, QBot and ransomware, while sending further malicious emails from the infected machine. In its early days Emotet mainly targeted banks, companies and organizations; it is now primarily targeting private individuals, because the developers of Emotet sublease their software and infrastructure to third parties.

What does it do?

Emotet evolved from a banking Trojan into a dropper: the Trojan itself loads further malware onto the device, and that malware is then responsible for the actual damage to the system.

In most cases the following programs were ‘dropped’:

  • Trickster (also known as TrickLoader and TrickBot): a banking Trojan that tries to steal the login credentials for bank accounts.
  • Ryuk: an encryption Trojan (also called a crypto-Trojan or ransomware) that encrypts data and thus blocks the user from accessing that data or the entire system.

The goal of the cybercriminals behind Emotet is usually to extort money from their victims. For example, they demand payment to restore the encrypted data and additionally threaten to publish the data they gained access to if the victim does not pay.

How do you get it?

Emotet spreads mainly through spam emails. Each email contains a malicious link or an infected document; if you open the document and allow its content to run, or follow the link, further malware is automatically downloaded onto your computer. These emails are made to look very authentic, and many people have fallen victim to Emotet.
It has used several approaches to convince victims that its emails are genuine. A campaign last year used the name of the activist Greta Thunberg along with a fake invitation from her to join a climate change protest. Earlier this year, Emotet exploited coronavirus fears by sending out weaponized emails offering information on how to protect against Covid-19. The Trojan was recently seen in another campaign, this one featuring a document that claimed to contain information on Donald Trump's health after he tested positive. Emotet campaigns have also used emails disguised as volunteering opportunities within the Democratic Party, payment reports, Covid-19 alerts, shipping notifications, and job offers.

Its latest capability is to read the mailboxes of users who are already infected and to reply to existing conversations with deceptively realistic content (thread hijacking). These emails look legitimate and personal and thus stand out from ordinary spam. Emotet sends them to the victim's stored contacts, such as friends, family members and work colleagues.

Which devices are at risk from Emotet?

Initially, Emotet infections were only detected on recent versions of the Microsoft Windows operating system. At the beginning of 2019, however, it became known that Apple users were also being targeted. The criminals lured them with a fake email from Apple support claiming the company would "restrict access to your account" if they did not respond. Victims were then told to follow a link to allegedly prevent the deactivation and deletion of their Apple services.

How to stay safe?

  • Security updates: install the updates provided by manufacturers as quickly as possible to close known security gaps. This applies to operating systems such as Windows and macOS as well as to application programs: browsers and browser add-ons, email clients, Office, and PDF readers.
  • Virus protection: install a complete virus and malware protection program and have it scan your computer regularly. This gives you the best possible protection against the latest viruses, spyware and so on.
  • Do not download dubious email attachments or click on suspicious links. If you are unsure whether an email is genuine, do not take any risks; contact the sender, but through a different channel than the email itself, since a hijacked mailbox will answer you convincingly. If a downloaded file asks you to enable a macro, do not do so under any circumstances; delete the file immediately. This denies Emotet its chance to get onto your computer in the first place.
  • Back up your data regularly to an external storage device, and disconnect it after the backup so that ransomware cannot encrypt the backup as well. In the event of an infection you will always have a copy to fall back on and will not lose all the data on your device.
  • Use only strong passwords for all logins (online banking, email account, online stores): not the name of your first dog, but a random arrangement of letters, numbers and special characters. You can make these up yourself or have a password manager generate them. Many services also offer two-factor authentication; enable it wherever it is available.
  • File extensions: have your computer display file extensions by default. This lets you spot dubious files such as "Photo123.jpg.exe", which are executables that Windows would otherwise show simply as "Photo123.jpg".
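As an added example, not code from the original article, the following Python script triages the attachments of an email for the delivery tricks described above: double extensions that hide an executable, macro-enabled Office formats, Office documents that carry an embedded VBA project (an OOXML document is a zip archive, and its macros live in a `vbaProject.bin` entry), and content that is a Windows executable regardless of its name. The sample message it builds is constructed for the demonstration and is not a real Emotet email; the thresholds and extension lists are assumptions you should tune to your environment.

```python
"""Triage e-mail attachments for the tricks used by Emotet-style spam.

Added example; the sample message below is constructed, not captured.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extension lists are assumptions for this example; extend them as needed.
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
EXECUTABLE_EXT = {".exe", ".scr", ".dll", ".js", ".jse", ".vbs", ".vbe",
                  ".wsf", ".hta", ".bat", ".cmd", ".ps1", ".lnk"}
OOXML_EXT = {".docx", ".docm", ".dotx", ".dotm", ".xlsx", ".xlsm",
             ".pptx", ".pptm"}


def extensions(filename: str) -> list:
    """All extensions of a name: 'Photo123.jpg.exe' -> ['.jpg', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML zip containing a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> list:
    """Return a list of human-readable findings for one attachment."""
    findings = []
    exts = extensions(filename)
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXT:
        if len(exts) >= 2:
            findings.append("double extension hides an executable")
        else:
            findings.append("executable attachment")
    if final in MACRO_ENABLED_EXT:
        findings.append("macro-enabled Office format")
    if final in OOXML_EXT and has_vba_project(data):
        findings.append("embedded VBA project (vbaProject.bin)")
    if data[:2] == b"MZ":  # DOS/PE header of every Windows executable
        findings.append("content is a Windows executable (MZ header)")
    return findings


def triage_message(raw: bytes) -> dict:
    """Map each attachment filename of a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        results[name] = triage_attachment(name, payload)
    return results


def build_sample_message() -> bytes:
    """Constructed sample: a 'reply' from a known contact with three attachments."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"   # mimics thread hijacking
    msg["To"] = "victim@example.com"
    msg["Subject"] = "RE: invoice"
    msg.set_content("Please see the attached documents.")

    # Fake .docm: a minimal OOXML zip that carries a vbaProject.bin entry.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Invoice.docm")
    # Executable disguised as a picture (fake MZ header, not a real binary).
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 12, maintype="application",
                       subtype="octet-stream", filename="Photo123.jpg.exe")
    # Harmless control attachment.
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="Shipping.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(f"{name}: {findings or 'no findings'}")
```

Run it on a saved `.eml` file by passing the file's bytes to `triage_message`. The checks are deliberately independent of each other, so a file named `Report.docx` whose bytes start with `MZ` is still flagged, and a `.docx` that secretly contains a VBA project is caught even though its extension looks benign.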
