Emotet – The Chameleon Trojan

Like a fine wine, Emotet has only become more sophisticated with age. The Trojan, first identified in 2014, began its life as banking malware but has gone on to include both spam and malware delivery services.

Emotet is polymorphic, meaning it can change each time it is downloaded, allowing it to evade signature-based detection. The Trojan also knows if it is running inside a virtual machine and will lie dormant if it detects a sandbox environment. These features have led the US Department of Homeland Security to conclude that Emotet is one of the most costly and destructive pieces of malware, affecting individuals as well as the public and private sectors.

The Trojan is primarily spread through spam emails, using the branding of well-known companies to convince the recipient of its legitimate origins. At a glance, the example below could easily pass as an authentic request to update your Microsoft Office. However, upon closer examination, the text is incoherent and the message is an attempt to compromise an endpoint.

The spread of Emotet can be both quick and exponential. As part of the initial infection, Emotet ransacks your contacts list and then sends itself to all your connections. If a connected network is also present, Emotet spreads using a list of common passwords, manoeuvring its way onto other connected systems in a brute force attack.
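Spreading by password guessing leaves a recognisable trail in logon records: one machine failing to log on to several others in a short space of time. The Python below is an added example, not part of the original article and not Malwarebytes code; the log format, host names, five-minute window and three-host threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry):
# time, source host, target host, account, result
SAMPLE_LOG = """\
2019-01-07T09:00:01 WS-014 FS-01 administrator FAIL
2019-01-07T09:00:02 WS-014 FS-01 administrator FAIL
2019-01-07T09:00:03 WS-014 FS-02 administrator FAIL
2019-01-07T09:00:04 WS-014 WS-021 admin FAIL
2019-01-07T09:00:05 WS-014 WS-022 admin FAIL
2019-01-07T09:00:06 WS-014 WS-022 admin OK
2019-01-07T09:03:10 WS-030 FS-01 jsmith FAIL
2019-01-07T09:03:25 WS-030 FS-01 jsmith OK
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_TARGETS = 3                 # assumed threshold: distinct hosts with failures

def parse(log):
    """Yield (time, source, target, account, result) for each log line."""
    for line in log.splitlines():
        ts, src, dst, account, result = line.split()
        yield datetime.fromisoformat(ts), src, dst, account, result

def detect_spread(log, window=WINDOW, min_targets=MIN_TARGETS):
    """Return {source: {"targets": set, "breached": set}} for sources that
    failed logons on at least min_targets distinct hosts inside one window."""
    failures = defaultdict(list)          # source -> [(time, target)]
    findings = {}
    for ts, src, dst, account, result in sorted(parse(log)):
        # Keep only this source's failures that are still inside the window
        recent = [(t, d) for t, d in failures[src] if ts - t <= window]
        if result == "FAIL":
            recent.append((ts, dst))
        failures[src] = recent
        targets = {d for _, d in recent}
        if len(targets) >= min_targets:
            hit = findings.setdefault(src, {"targets": set(), "breached": set()})
            hit["targets"] |= targets
            # A success straight after a run of failures: a guess likely worked
            if result == "OK" and dst in targets:
                hit["breached"].add(dst)
    return findings

if __name__ == "__main__":
    for src, hit in detect_spread(SAMPLE_LOG).items():
        print(src, "failed on", sorted(hit["targets"]),
              "then logged on to", sorted(hit["breached"]))
```

A single user mistyping a password, like WS-030 in the sample, stays below the threshold, while the host that fans out across several machines is reported along with the system it then logged on to.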

From a UK perspective, Malwarebytes detected 3.2 million instances in the last 30 days, at the start of January 2019. For the same time period, there were 11.2 million instances found worldwide, further illustrating the truly prolific spread of Emotet despite its age.

There are, of course, a number of steps you can take to reduce your vulnerability to Emotet and malware in general.

Step one, continually update all software in use on your endpoint; patches implemented by vendors will make it more secure. Step two, never open or download suspicious attachments. Taking a couple of minutes to investigate the authenticity of a link’s source will close off a common entry point for cyber criminals. Step three, create a strong password, which can then be further secured with a two-factor authentication solution.

It’s time to unmask the chameleon and try Malwarebytes for yourself with this free trial.

Contact me for more information on the Malwarebytes solutions.

Giorgio Orthodoxou – 0116 2438600  | Giorgio.Orthodoxou@kitedistribution.co.uk