The Emotet infrastructure, the most dangerous and prevalent malware in recent years, was demolished in an operation organized by Europol and Eurojust with the assistance of authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine.
EMOTET was found in 2014 as a banking Trojan impacting consumers of banking in stitutions in Germany and Austria. Since then, it has grown into a solution that perfectly matches the needs of cybercrime. It has evolved into more than just malware. The Emotet threat caused significant damage because it was made available for rent to other cybercriminals under the Malware-as-a-Service system for the installation of other types of malware, such as banking trojans or ransomware (TrickBot or Ryuk).
Emotet was able to refine email as an attack vector, and the use of a fully automated process allowed malware to be widely distributed to victims’ computers as email-infected attachments such as Word documents or as a download link in a text message composed using social engineering techniques to persuade the victim.
According to the information provided in the EUROPOL press release, Emotet’s infrastructure consisted of thousands of servers spread across several countries that served a variety of functions, including command and control, managing infected equipment, spreading malware to new computer systems, and preventing authorities from gaining access to infrastructure.
EMOTET is a polymorphic malware that allows it to trick some antivirus systems through permanent alterations, making it a complex threat. Users must be cautious when receiving text, attachments, or sender emails that raise red flags in order to protect themselves from this attack.
During the Dutch police inquiry, a database containing email addresses and passwords stolen by Emotet was discovered, giving the interested the opportunity to see if their email address was included in the “Emotet capture.”