Emotet malware is experiencing explosive growth


The number of variants of the Emotet malware is experiencing explosive growth, security company G DATA has found. When it was discovered in 2014, the malware was aimed at financial institutions, but it is now widely used for other purposes, such as industrial espionage.

Emotet is one of the most destructive financial trojans in the world, and was developed by a group called Mealybug. The malware is available as a platform for other hackers. In February, Menlo Security had already warned that the malware was back, with new techniques.

G DATA has now issued a warning as well. The security company states that there were more variants of the malware in the past six months than in the whole of 2018. Last year there were 28,000 variants, an average of 70 new versions per day; in the first half of this year there were 33,000, an average of 200 new versions per day.

New versions

The G DATA security researchers see that the malware is modified at short intervals to give it a new look. This results in new versions, which are more difficult to detect.

The malware acts as a kind of bridgehead on the systems of infected users and is usually distributed via Word documents with harmful macros, says Eddy Willems, Security Evangelist at G DATA.

Social engineering methods are then used to encourage users to activate the macros. A PowerShell command is then executed in the background to install the actual malware. After infection, Emotet can download numerous modules.

Brute force

Initially, the malware was mainly used to attack financial institutions. Today, the number of attacks on sectors such as health care, insurance and the financial sector has also increased significantly, Menlo Security reported in February.

In addition, the way the malware is deployed has changed. It now also serves as a brute-force attacker. Furthermore, it can set up Business Email Compromise (BEC) messages through compromised accounts to create loopholes and steal financial data.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.