Emotet Botnet is No More
What started in 2014 as a simple banking trojan for stealing financial credentials has since grown into a go-to tool for many cybercriminals. Emotet malware was developed gradually to add new functionality and evade detection, and became the most widely used backdoor for delivering other groups' malware. It was used by the TrickBot trojan, Ryuk ransomware, and several others to enroll compromised machines in a botnet and then deploy their own malware for whatever purpose they needed. Emotet begins its operations with a phishing attack, embedding the malware in a Word document or sending the target a URL. When the attachment is opened or the link clicked, it covertly downloads and installs the malware in the background while displaying something on screen as a decoy for the victim. Once in, it sets up a backdoor and sells that access to other cybercriminals, including ransomware operators and APTs. It grew so big that it was powering nearly 70% of the world's malware market.
Now it has been taken down by police after two years of work. The investigation group, led by the British NCA and including Germany, the Netherlands, the UK, the US, Lithuania, France, Canada, and Ukraine, is said to have spent two years tracking the malware's operations before pinpointing a location in Ukraine.
Police seized computers, mobile phones, currency, and even gold bars from the location. They reported that the Emotet operators had moved about $10.5 million over the past two years, and had spent over $500,000 maintaining their infrastructure. Although the infrastructure was seized, police were unable to uninstall the malware from victims' systems; instead, all infected systems were redirected to a domain controlled by police. The botnet's operators were not caught, but are said to be close to being located.