The Emotet trojan is a common piece of malware found on the internet. A trojan is a type of malware that looks like a legitimate file or document but actually carries destructive software within. The name comes from the Trojan horse of Greek legend, although here there is no physical horse. The malware is initially sent to a victim by email. Most people would treat the message as spam, but some are enticed to open it. If the infected link or document is opened, the malware is released onto your computer and can do the following.
Once released, the malware downloads Pinkslipbot and the Dridex banking trojan. Pinkslipbot is an automated program that runs in the background of your system. This bot receives commands from the attacker, who can then use your machine at their own discretion. The primary goal of the malware is to eavesdrop on your network traffic and steal user information in order to gain access to bank accounts. Furthermore, it uses the information it has learned from your computer to spread to other machines.
Emotet has four different capabilities that it can use to steal a victim's data. The first is an Outlook scraper tool that takes the "names and email addresses from the victim's Outlook accounts and uses that information to send out phishing emails from the compromised attack" (CIS Security, 2018). The malware essentially steals the victim's online identity, which can then be used to impersonate the victim. Its objective is to entice others to click on the malware so that it spreads to more victims. A second module captures passwords stored in the user's web browser, including those used for Facebook and other online accounts. This gives the attacker additional personal information about the victim and increases the chances of identity theft. Emotet's third capability is recovering passwords from several types of email accounts. Finally, Emotet creates a "self-extracting RAR file containing a bypass" (CIS Security, 2018) that enumerates the target network. This means the malware gathers information about the victim's system and sends it back to the attacker. Additionally, it tries to brute-force other user accounts on the system. A brute-force attack is one in which the attacker's system tries every possible password until it finds the correct one. Once the trojan has gained this much access it installs itself on the machine so that it becomes persistent, giving the attacker access to the victim's computer whenever they want.
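A defender's counterpart to the brute-force behaviour described above, added here as an example and not taken from the original post or the cited reports: it scans a few constructed, simplified logon records (the record format, field names and host names are assumptions) and flags any source host that fails to log in to several different accounts within a short window, which is the pattern that password guessing against other users on the system leaves behind.

```python
# Added example (not from the original post): a minimal detector for the
# password-guessing pattern described above. It scans constructed,
# simplified authentication records and flags any source host that fails
# against several different accounts inside a short time window.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry); the format is assumed:
# "<timestamp> <result> user=<account> src=<host>"
SAMPLE_LOG = """\
2018-01-10T09:00:01 FAIL user=alice src=WS-07
2018-01-10T09:00:03 FAIL user=bob src=WS-07
2018-01-10T09:00:04 FAIL user=carol src=WS-07
2018-01-10T09:00:06 FAIL user=dave src=WS-07
2018-01-10T09:00:08 SUCCESS user=dave src=WS-07
2018-01-10T09:30:00 FAIL user=alice src=WS-12
2018-01-10T11:00:00 FAIL user=alice src=WS-12
"""

def parse_line(line):
    """Split one record into (timestamp, result, account, source host)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def find_spraying_sources(log_text, min_accounts=3, window=timedelta(minutes=5)):
    """Return {src: sorted accounts} for every source whose failed logons
    touch at least `min_accounts` distinct accounts within any `window`."""
    failures = defaultdict(list)          # src -> [(timestamp, account), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse_line(line)
        if result == "FAIL":
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()                     # order by timestamp
        for i, (start, _) in enumerate(events):
            # accounts failed against within `window` of this event
            accounts = {u for t, u in events[i:] if t - start <= window}
            if len(accounts) >= min_accounts:
                flagged[src] = sorted(accounts)
                break
    return flagged

if __name__ == "__main__":
    for src, accounts in find_spraying_sources(SAMPLE_LOG).items():
        print(f"{src}: failed logons against {', '.join(accounts)}")
```

In the sample data only WS-07 is flagged: WS-12 fails twice against the same account, hours apart, which is ordinary user error rather than guessing.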
If you become a victim of the Emotet malware, do not fear! Today, several antivirus companies are aware of the malware and can remove it. It is also recommended that you reset the passwords for all of your accounts if you become infected. Stay safe!
For a more visual representation of how the malware works, see the following link: https://support.malwarebytes.com/hc/en-us/articles/360038524714
Go to https://www.hireacyberpro.com/ to learn more. Or email your questions to firstname.lastname@example.org. Be sure to check out and follow my LinkedIn page! https://www.linkedin.com/company/hire-a-cyber-pro.
Center for Internet Security (2018). Top 10 Malware January 2018.
Malwarebytes (2018). Protect Your Network from Emotet Trojan.