At the end of January 2021, the Federal Criminal Police Office (BKA) announced the end of the Emotet malware. The German authorities first took over the infrastructure of what was called the world's most dangerous malware and then dismantled it. But now the Trojan is back, and with it an all-purpose weapon for cybercriminals.
It must have been an almost cinematic scene when, at the end of January 2021, the Ukrainian police broke open an apartment door with a chisel and stormed a run-down prefabricated building in the city of Kharkiv. But instead of a highly secured server infrastructure, the officers found only a few cobbled-together computers, old mobile phones and hard drives lying around. Yet the Emotet malware is said to have been operated from this run-down apartment.
In cooperation with the Federal Criminal Police Office (BKA) and seven other countries, the investigators put an end to the malware on that day. The German authorities were thus able to first take over the infrastructure of the world's most dangerous Trojan and then dismantle it. But now, about 10 months later, Emotet is back, and with it one of the most dangerous all-purpose weapons for cybercriminals.
The world's most dangerous Trojan is back
After the international team of investigators had dismantled the malware, the BKA spoke of a "significant blow against internationally organized cybercrime". Arne Schönbohm, the President of the Federal Office for Information Security (BSI), even described the Trojan as the "king of malware".
But as the old heraldic formula puts it: the king is dead, long live the king. Because Emotet is back. The IT experts of the Bochum-based software company G DATA have rediscovered the malware, and an initial suspicion has since been confirmed by a comprehensive analysis.
During the investigation, the software experts noticed that systems already infected with the TrickBot malware were downloading another file from the Internet. This file was then identified as Emotet. The malware is not identical to the original version, but the new Emotet Trojan has several technical similarities; in particular, the source code shows similar structures. The discovery has since been confirmed by numerous other IT experts.
What is Emotet and how does the malware work?
The Emotet malware was first discovered around 2014. The version at that time was designed as a banking Trojan to capture online banking credentials. Cybercriminals spread the malware using manipulated email attachments and infected documents.
But between 2016 and 2017, the hackers changed their business model. Since then, the Trojan has been regarded as a door opener for further criminal activities: with the help of Emotet, other cybercriminals can deploy their own malware on infected computers. They obtain access to the compromised machines from the actual Emotet operators, who open the door for their criminal colleagues.
Once installed, the Trojan can, among other things, read email mailboxes, copy address books, decrypt passwords and install additional malware on the infected computer.