5 things you didn’t know about Emotet malware

If you thought your family tree was complicated, wait till you hear about the Emotet family tree, which took root in 2014 when Emotet first made its debut. At that time, Emotet was classified as a simple banking Trojan aimed at stealing banking credentials from the computers it infected. Since then, however, Emotet has also become a “loader”; malware that allows its remote operators to download additional payloads onto the systems it infects. 

Then, in August of 2017, Emotet hooked up with Dridex, another banking Trojan and essentially created a “partnership” between two banking Trojans. Emotet thus further evolved into a technically sophisticated malware that plays a large and expanding role in a criminal ecosystem that joins cyber criminals and malware. And Emotet has continued to branch out and is now part of a malware group that includes the Bugat/Feodo/Geodo/Heodo/Cridex/Dridex malware banking families.

See? Complicated. Plus there are even more details about Emotet that you probably didn’t know either that just add to its complexity.

So what else don’t you know about Emotet?

Here are five more things:

1.It has other names. Just to make the Emotet family tree seem even more complicated, Emotet also has other names: Geode, and a personal favorite, Mealybug. 

2. It had a book named after it. Well, not exactly a book, but a playbook. Actually, there have been several, but this just speaks to how menacing and insidious Emotet is. In fact, the US Department of Homeland Security identifies Emotet as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”  Emotet playbooks describe the Emotet infection process and its subsequent behavior after it has infected its targeted device.

3. It changes. In an effort to evade signature-based detection, Emotet changes itself every time it’s downloaded. This is one reason why it’s critical to install comprehensive anti-malware software that uses not only signature-based detection for detecting known malware, but also advanced detection technologies such as behavior-based and heuristics-based detection that detect new and emerging malware. Anti-malware solutions that rely on several detection technologies can better perform malware analysis, including Emotet malware analysis, and therefore more successfully deter, detect, and remove malware. 

Furthermore, since Emotet is spread through a variety of attack vectors including malicious spam (malspam) and malicious URLs, the antivirus solution you use should be able to block malicious websites, scan for suspicious links, and stop phishing campaigns. Additionally, Emotet frequently downloads ransomware and spyware so your anti-malware solution should also have anti-ransomware and microphone and camera protection.

4. Its unique and central role in malware delivery is based on a Software as a Service (SaaS) business model. Yes, much like Software-as-a-Service (SaaS) business models that host legitimate applications and make them available to customers over the Internet, Emotet is based on a Malware-as-a-Service (MaaS) business model, only Emotet is anything but legit. A better name would be malware mercenary. The latest variant of Emotet earns its revenue primarily by selling access to its botnet infrastructure of other Emotet-infected computers so criminal actors can infect them with more malware. 

5. It does not discriminate. Emotet targets everyone including individuals, large, medium and small businesses, banking sites, and government entities. And it doesn’t care about geographic boundaries either. It has happily targeted the US, Italy, Spain, Germany, Brazil, Mexico, Japan, Vietnam and many other countries.

One more thing you should know

As a member of the Trojan malware family, Emotet was characteristically designed to be stealthy and infiltrate its victim’s computer without detection. Consequently, there are no particular symptoms that are clearly visible on infected machines that would alert users that they’ve been breached. This is why a comprehensive anti-malware solution, installed and running, is so important to your cybersecurity – best to keep Emotet far and away from your computers.

Back to family trees and cybersecurity

While there’s not much you can do about your family tree, even if you wanted to, there is plenty you can do about your cybersecurity. You can increase your awareness and knowledge of cyber threats so that you better know how to recognize and avoid them; you can implement strong cybersecurity measures such as following proper password protocols and keeping all of your software up to date, and you can install antivirus software that keeps Emotet and its destructive forces off your computer and away from your data.