MetaDefender Prevents Emotet - The World’s Most Dangerous Malware

What is Emotet? Why is it dangerous?

Emotet is an extraordinarily advanced and destructive family of malware, with the capability of escaping detection, dropping additional malware onto victims’ computers, and spreading to other connected devices.

Emotet was first identified by security researchers in 2014 as a self-propagating banking trojan created to steal sensitive and private data. Later versions of it evolved into one of the most powerful forms of malware used by cybercriminals as a malware delivery service.(1) It targets critical industries globally, including banking, e-commerce, healthcare, academia, government, and technology.

The Department of Homeland Security considers Emotet one of the most costly and harmful malware families, with remediation costs upwards of $1 million per incident.(2) It has infected more than 1.6 million computers and caused hundreds of millions of dollars in damages worldwide.(3) As of December 2020, it was the world's most prevalent malware, affecting 7% of organizations across the globe.(4) More information about Emotet and its recent activities is described in our previous blog post.

How does Emotet spread?

The primary distribution method for Emotet is spam email containing malicious attachments or hyperlinks. Various lures are used to trick victims into opening infected attachments or clicking on malicious links. The emails can be designed to appear to come from a legitimate source or from somebody in the victim’s contact list, and are presented as invoices, delivery notices, documents about the Coronavirus pandemic, and similar pretexts. For example, last February a deceptive email campaign carrying an infected Word attachment, which pretended to be about COVID-19 infection prevention measures, was dispatched widely in Japan.(5)

Security analysts at Microsoft discovered a pivot in tactics from the usual Emotet campaign: attaching encrypted archive files, such as Zip files, to the emails in order to evade email security gateways.(6) These emails lure victims into opening the attachments or hyperlinks and enabling macros to view or edit the document.

Once the victims enable the embedded macros, Emotet downloads additional malware to their computer and attempts to spread the threat across the entire network. The infected network is then added to Emotet’s botnet, giving the attacker full control over the network from a remote location.(7)

How can MetaDefender prevent Emotet and protect your network?

The one aspect that makes Emotet particularly dangerous is that it can evade detection by some anti-malware products. With MetaDefender, an advanced threat prevention solution from OPSWAT, there is no way for Emotet to infect your devices and network.

1. OPSWAT Metascan quickly scans files and emails sent to your organization with 30+ anti-malware engines that detect over 99% of known malware. The scan results here show Emotet detection by our multiscanning technology: 22 out of 37 anti-malware engines successfully detected the malware. If you rely on a single anti-malware engine and it cannot detect the malware, your computer will be infected. Research shows that as more anti-malware engines are added, malware detection rates improve.

2. Even if sophisticated evasive malware bypasses the anti-malware engines, it is completely neutralized by OPSWAT Deep Content Disarm and Reconstruction technology (Deep CDR). All files, emails and attachments, including password-protected archives, are recursively sanitized before being released to end users. As shown in the processing results, all malicious embedded active content, including 1 image and 4 macros, is removed and the file is rebuilt. No threat is detected after sanitization, and users are protected from all threats.

3. When Emotet malware was analyzed with OPSWAT Sandbox, malicious activity was detected within 3 minutes. Our Sandbox technology detonates the malware in a controlled environment and exposes malicious behavior by recording and classifying the file's behavior. A detailed report is provided for further malware analysis.
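The macro removal described in item 2 can be illustrated with a minimal CDR-style step for Office Open XML documents (.docm, .xlsm, .pptm): locate the VBA project part by its content type, rebuild the package without it, and drop the `[Content_Types].xml` and `.rels` entries that referenced it. This is an added example written for this post, not OPSWAT's Deep CDR code; the `build_sample_docm` input is a constructed stand-in package, not a real Emotet sample, and the example does not cover OLE objects, images, nested archives or password-protected archives.

```python
import io, posixpath, zipfile
from xml.etree import ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
VBA_CT = "application/vnd.ms-office.vbaProject"
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"

def macro_parts(zf):
    """Zip entries holding VBA code: found by content type, plus the conventional names."""
    types = ET.fromstring(zf.read("[Content_Types].xml"))
    parts = {o.get("PartName").lstrip("/") for o in types.iter(f"{{{CT_NS}}}Override")
             if o.get("ContentType") == VBA_CT}
    parts.update(n for n in zf.namelist() if n.endswith(("vbaProject.bin", "vbaData.xml")))
    return parts

def _drop_references(name, xml, removed):
    """Strip <Override>/<Relationship> elements that still point at a removed part."""
    root, is_ct = ET.fromstring(xml), name == "[Content_Types].xml"
    base = "" if is_ct else name.split("_rels/")[0]  # directory of the part owning this .rels
    for el in list(root):
        ref = el.get("PartName" if is_ct else "Target", "")
        target = ref.lstrip("/") if ref.startswith("/") else posixpath.normpath(base + ref)
        if target in removed: root.remove(el)
    ET.register_namespace("", CT_NS if is_ct else REL_NS)  # keep the default namespace
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def sanitize(data):
    """Minimal CDR step: rebuild the package without its macro parts. Returns (bytes, removed)."""
    src, out = zipfile.ZipFile(io.BytesIO(data)), io.BytesIO()
    removed = sorted(macro_parts(src))
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as dst:  # stored, so output is inspectable
        for name in (n for n in src.namelist() if n not in removed):
            blob = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                blob = _drop_references(name, blob, removed)
            dst.writestr(name, blob)
    return out.getvalue(), removed

def build_sample_docm():  # constructed stand-in for a macro-enabled .docm, not a real sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{CT_NS}"><Override PartName='
                   f'"/word/vbaProject.bin" ContentType="{VBA_CT}"/></Types>')
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{REL_NS}">'
                   f'<Relationship Id="rId1" Type="{VBA_REL}" Target="vbaProject.bin"/>'
                   '<Relationship Id="rId2" Type="urn:example:styles" Target="styles.xml"/>'
                   '</Relationships>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA OLE blob")
    return buf.getvalue()
```

Running `sanitize(build_sample_docm())` returns the rebuilt package together with `["word/vbaProject.bin"]`, and sanitizing the result a second time removes nothing, which is the property a CDR pipeline should verify before releasing a file.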

As cybercrime becomes commercialized, attackers continue to develop technologically sophisticated attacks. Complex malware with evasion capabilities, like Emotet, is created by skilled threat actors to bypass traditional security defenses. Every organization, and critical infrastructure in particular, needs an advanced threat prevention solution to defend against these ever-evolving threats.

Contact us now to learn more about OPSWAT’s advanced technologies and how OPSWAT MetaDefender can help protect your organization from increasingly sophisticated cybercrime.

References

(1) Palmer, Danny. 2019. "Malware and botnets: Why Emotet is dominating the malicious threat landscape in 2019". ZDNet. https://www.zdnet.com/article/malware-and-botnets-why-emotet-is-dominating-the-malicious-threat-landscape-in-2019/.

(2) CISA. "Alert (TA18-201A): Emotet Malware". us-cert.cisa.gov. https://us-cert.cisa.gov/ncas/alerts/TA18-201A.

(3) U.S. Department of Justice. 2021. "Emotet Botnet Disrupted in International Cyber Operation". justice.gov. https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation.

(4) Check Point Software. 2021. "December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat". https://www.checkpoint.com/press/2021/december-2020s-most-wanted-malware-emotet-returns-as-top-malware-threat/.

(5) Cluley, Graham. "Coronavirus: Hackers exploit fear of infection to spread malware". grahamcluley.com. https://grahamcluley.com/coronavirus-malware/.

(6) CISA. "Alert (AA20-280A): Emotet Malware". us-cert.cisa.gov. https://us-cert.cisa.gov/ncas/alerts/aa20-280a.

(7) Cluley, Graham. 2021. "Emotet Botnet Takedown: What You Need to Know". The State of Security (Tripwire). https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/emotet-botnet-takedown-what-you-need-to-know/.
