You may have heard about Emotet in the news. What is it? The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software added spamming and malware delivery services, including the delivery of other banking Trojans.
Emotet uses functionality that helps the software evade detection by some anti-malware products, and it uses worm-like capabilities to spread to other connected computers, which helps distribute the malware. This functionality has led the Department of Homeland Security to conclude that Emotet is among the most costly and destructive malware families, affecting government and private sectors, individuals and organizations, and costing upwards of $1M per incident to clean up.
If you are still not sure whether your machine is infected with malicious software, check it for the common symptoms of this infection:
- Your web browser shows advertisements on pages where you never saw them before;
- Microsoft Edge, Google Chrome, Internet Explorer and Mozilla Firefox show lots of annoying ads;
- Web browser settings such as the home page and search provider are hijacked;
- Your antivirus software detects an infection;
- Your Internet connection may be slow.
What Is Emotet Trojan?
The Emotet trojan, also known as Geodo, is high-risk malware. It is designed to record personal information and to spread other malware.
Research shows that Emotet infiltrates systems without users’ consent. After successful infiltration, this malware modifies system settings and uses the infiltrated computer to proliferate itself further. Cyber criminals usually spread this virus using spam email campaigns.
A main feature of Emotet is to gather various sensitive information, including logins/passwords and browsing activity. Collected data often includes banking information. Therefore, the presence of Emotet can lead to serious privacy issues and significant financial loss (cyber criminals can misuse the data to transfer money or make various purchases).
Malware distribution is also an issue. Emotet works as a trojan. It opens “backdoors” for other high-risk viruses (e.g., Dridex) to infiltrate the system. These additional viruses might be more dangerous. Therefore, having Emotet installed on your system can lead to a chain of system infections.
Emotet is also capable of connecting the infected computer to a botnet, which is used to proliferate spam emails that distribute this malware. In addition, this malware hides within system folders and registers as a “system service”, thereby modifying Windows Registry settings so that it auto-runs when the system is started. Emotet hides its tracks and is therefore virtually impossible for regular users to detect. If you suspect that Emotet is present, immediately scan the system with a legitimate anti-virus/anti-spyware suite. In fact, have a reputable suite installed and running and scan the system periodically.
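The paragraph above describes two generic persistence mechanisms: Registry auto-run entries and a registered service. The following PowerShell script is an added example, not code from the original article or from any vendor; it lists entries in the common Run/RunOnce keys and all installed services whose executable sits outside the Windows, Program Files or ProgramData\Microsoft directories. The list of "trusted roots" is an assumption made for this example, and the output is a starting point for a manual review, not a verdict on whether a machine is infected.

```powershell
# Added example: audit common Windows auto-start locations for entries whose
# executable lives outside the usual system and program directories.
# The trusted-root heuristic below is an assumption for this example only.

$trustedRoots = @(
    $env:SystemRoot,
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)},
    ($env:ProgramData + '\Microsoft')
) | Where-Object { $_ }   # drop any variable that is not set on this host

function Test-TrustedPath {
    param([string]$Path)
    # Reduce a command line to its executable: strip surrounding quotes and
    # trailing arguments, then expand %VARIABLE% references.
    $exe = ($Path -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $trustedRoots) {
        if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# Registry auto-run values: each value name is a program started at logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        if (-not (Test-TrustedPath $p.Value)) {
            $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Services: flag any whose binary path points outside the trusted roots.
foreach ($svc in (Get-CimInstance Win32_Service)) {
    if ($svc.PathName -and -not (Test-TrustedPath $svc.PathName)) {
        $findings += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
    }
}

$findings | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that HKLM and the full service list are readable. Legitimate third-party software installed under a user profile will also appear in the output, so compare each flagged entry against what you know is installed rather than treating every line as malicious.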
What Is the History of Emotet Trojan?
First identified in 2014, Emotet continues to infect systems and hurt users to this day, which is why we’re still talking about it, unlike other trends from 2014 (Ice Bucket Challenge anyone?).
Version one of Emotet was designed to steal bank account details by intercepting internet traffic. A short time after, a new version of the software was detected. This version, dubbed Emotet version two, came packaged with several modules, including a money transfer system, malspam module, and a banking module that targeted German and Austrian banks.
By January of 2015, a new version of Emotet appeared on the scene. Version three contained stealth modifications designed to keep the malware flying under the radar and added new Swiss banking targets.
Fast forward to 2018: Current versions of the Emotet Trojan include the ability to install other malware to infected machines. This malware may include other banking Trojans or malspam delivery services.
How Does It Infect My Computer?
Cyber criminals typically disguise attachments/links as bills, invoices, and other finance-related documents that seem important. These emails usually deliver messages warning users about certain problems (e.g., unpaid bills, lost invoices, etc.) and advising them to open attached documents/files. Doing so results in infiltration of Emotet malware.
This is a common technique used to distribute trojan-type viruses. It is very effective, since many careless users open received attachments without understanding the possible consequences. This behavior often leads to various computer infections.
Who Does Emotet Trojan Target?
Everyone is a target for Emotet. To date, Emotet has hit individuals, companies, and government entities across the United States and Europe, stealing banking logins, financial data, and even Bitcoin wallets.
One noteworthy Emotet attack on the City of Allentown, PA, required direct help from Microsoft’s incident response team to clean up and reportedly cost the city upwards of $1M to fix.
Now that Emotet is being used to download and deliver other banking Trojans, the list of targets is potentially even broader. Early versions of Emotet were used to attack banking customers in Germany. Later versions of Emotet targeted organizations in Canada, the United Kingdom, and the United States.
As mentioned earlier in this article, the Emotet trojan can steal your private information, such as your IP address, which web page you are viewing, what you search for on the Internet, which links you click, and much more. The malware may monetize this by collecting data from your browsing sessions and selling it to third-party companies, which puts your personal information at risk. The important thing for you is to be careful and protect your devices from these kinds of attacks.