G DATA Security Blog_Emotet: G DATA explains cybercrime's all-purpose weapon


Mr. Hauke Gierow, G DATA Manager for Security Communications, shares his insights and related information on "Emotet"




Emotet: G DATA explains cybercrime's all-purpose weapon

No other malware family is as pervasive, or has been in development as long, as Emotet. The malware has already caused millions in damage at companies around the world. We explain what Emotet can do and why it is so dangerous.

Quote:
Emotet is one of the most long-lasting and professional cybercrime tools of recent years. First discovered as a banking Trojan in 2014, the malware has evolved over the years into a comprehensive go-to solution for cybercrime. The malware acts as a door opener on a computer, preparing it for further infections.
 
"Emotet has been developed very professionally and continuously for years," says Anton Wendel, Security Engineer at G DATA Advanced Analytics. "On individual days, we discovered up to 200 new variants of Emotet. This rapid development is a way to try and hide the malware from antivirus solutions." Even on quiet days, an analysis by Wendel shows at least 25 new versions of the malware. G DATA counters these new types of threats with its AI-powered solution DeepRay.




Spread via Word documents
The malware is usually delivered to the victims' computers via infected e-mail attachments in Word format. The criminals are constantly sending new messages to victims in order to trick them into allowing the active content of the document, usually macros. The path of infection therefore always relies on the user. Unlike other malware, Emotet is not distributed via exploit kits or the browser. The criminals always come up with new reasons why users should click on the "allow active content" button. For example, they claim that a document has been created "with an online version of Office" or point to alleged compatibility problems.

"Companies could very easily protect themselves against infection with Emotet," says Wendel. "The execution of macros can be completely disabled using a Group Policy. If macros are absolutely necessary for business operations, it is a good idea for companies to sign their own macros and only allow those signed macros to run." For private users there is usually no need for macros at all, so they should never activate them.

What can Emotet do?
Emotet comes with very extensive espionage functions. For example, information about all processes running on the computer is transferred to the criminals. This allows conclusions to be drawn about the use of the PC, e.g. if accounting software is found to be running on it. Emotet also features a number of modules that can be activated remotely. It should be noted, however, that not all of the functions mentioned below are executed on every infected computer. The command-and-control server decides which modules are activated.


More info on Source HERE

Related Story below

AI-powered solution DeepRay



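The mitigation Wendel describes in the post above (disable macros by policy, or allow only signed macros) maps to a handful of registry values that the Office Group Policy templates write. The following PowerShell script is an added example written for this thread; it is not code from G DATA or from the blog post. It assumes Office 2016/2019/Microsoft 365 (policy version key "16.0") and the per-user policy hive HKCU:\Software\Policies\Microsoft\Office; the VBAWarnings values it checks are the documented Trust Center settings (1 = enable all, 2 = disable with notification, 3 = disable all except digitally signed, 4 = disable all without notification). In Audit mode it only reports; in Harden mode it writes the chosen policy locally, which is useful on an unmanaged PC, while a domain should push the same values through Group Policy.

```powershell
# Added example for this thread, not part of the G DATA post.
# Audits or hardens Office macro execution policy for the current user.
# Assumptions: Office 2016/2019/365 ("16.0" policy key); policies are read by
# Office from HKCU:\Software\Policies\Microsoft\Office\<ver>\<App>\Security.
#
# VBAWarnings (Trust Center "Macro Settings"):
#   1 = enable all macros (dangerous)
#   2 = disable with notification  (Office default: the "Enable Content" bar
#       that Emotet lures rely on)
#   3 = disable all except digitally signed macros
#   4 = disable all macros without notification
# blockcontentexecutionfrominternet = 1 blocks macros in files that carry the
#   Mark-of-the-Web (downloaded or saved from e-mail), regardless of VBAWarnings.

param(
    [ValidateSet('Audit', 'Harden')] [string] $Mode = 'Audit',
    [ValidateSet('SignedOnly', 'DisableAll')] [string] $Policy = 'DisableAll',
    [string] $OfficeVersion = '16.0'
)

$apps = @('Word', 'Excel', 'PowerPoint')
$targetVbaWarnings = if ($Policy -eq 'SignedOnly') { 3 } else { 4 }

function Describe-VbaWarnings([object] $value) {
    switch ($value) {
        1 { 'WEAK: all macros enabled' }
        2 { 'WEAK: user can click "Enable Content"' }
        3 { 'OK: only digitally signed macros run' }
        4 { 'OK: all macros disabled' }
        default { 'WEAK: no policy set (Office default = notify, user can enable)' }
    }
}

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"

    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba   = $props.VBAWarnings
    $motw  = $props.blockcontentexecutionfrominternet

    $vbaText  = if ($null -eq $vba)  { 'unset' } else { $vba }
    $motwText = if ($null -eq $motw) { 'unset' } else { $motw }

    Write-Output ("{0,-10} VBAWarnings={1,-5} BlockFromInternet={2,-5} {3}" -f `
        $app, $vbaText, $motwText, (Describe-VbaWarnings $vba))

    if ($Mode -eq 'Harden') {
        # Create the policy key if it has never been written on this machine.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # -Force overwrites an existing value; both are REG_DWORD as the GPO writes them.
        New-ItemProperty -Path $key -Name 'VBAWarnings' -PropertyType DWord `
            -Value $targetVbaWarnings -Force | Out-Null
        New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
            -PropertyType DWord -Value 1 -Force | Out-Null

        Write-Output ("{0,-10} -> set VBAWarnings={1}, blockcontentexecutionfrominternet=1" -f `
            $app, $targetVbaWarnings)
    }
}
```

Usage: `.\Check-OfficeMacroPolicy.ps1` reports the current state; `.\Check-OfficeMacroPolicy.ps1 -Mode Harden -Policy SignedOnly` switches Word, Excel and PowerPoint to "disable all except digitally signed macros" and blocks macros in files from the Internet, which is the configuration Wendel recommends for companies that cannot live without macros (their own macros must then be signed with a certificate whose publisher is in the Trusted Publishers store). `-Policy DisableAll` is the right choice for home users who never need macros. The same settings are available in Group Policy under User Configuration > Administrative Templates > Microsoft Word 2016 > Word Options > Security > Trust Center ("VBA Macro Notification Settings" and "Block macros from running in Office files from the Internet"), and the corresponding entries for Excel and PowerPoint.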