Sunday, February 9, 2025
HomeMalwareEmotet Malware Uninstalls Itself From All The Infected Computers World Wide

Emotet Malware Uninstalls Itself From All The Infected Computers World Wide

Published on

SIEM as a Service

Follow Us on Google News

In January, the FBI, along with other law enforcement agencies around the world has recalled that the Emotet malware was automatically has been removed from all the infected computers.

The law enforcement agencies that are involved in this operation were from the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada, and Ukraine.

According to the report, the agencies have managed to seized control over several hundred botnet servers; not only this, but the agencies have also turned off their entire infrastructure and have stopped all its malicious activities.

The law enforcement officers have used all their access to the Emotet control servers; as per the report, this malware has come under the control of the German Federal Criminal Police Office.

How the Uninstaller of Emotet Malware Works?

After trying so hard, the law enforcement agencies managed to stop the malware. But now the question arises that how the Emotet uninstaller works?

Once the law enforcement has identified the malware, the German federal police agencies implemented a very new Emotet module in the form of a 32-bit EmotetLoader.dll.

After implementing the module to all infected systems, the experts affirmed that it would eventually uninstall the malware on April 25th, 2021.

Once the security analysts changed the system clock on a test machine, they detected that the uninstaller only deletes the associated Windows services.

However, the Emotet uninstaller autoruns the Registry keys and then exits the process, and they left all other things on the infected or compromised machines.

Federal Police (Germany) is Behind the Emotet Uninstaller Module

The federal police agency of Germany had created a situation that will make the malware Emotet to be quarantined in the computer systems that the Emotet malware has compromised.

While Europol claimed that the German Bundeskriminalamt (BKA) federal police agency was responsible for generating and pushing the uninstall module and creating such a situation.

Not only this but the US Department of Justice (DOJ) has also agreed and asserted that the Bundeskriminalamt pushed the uninstaller module on the systems that were compromised by Emotet malware.

Purpose and Recommendation

The infrastructure that was present behind the Emotet is already being controlled by law enforcement, so the bots are not able to implement any other malicious operation.

All the victims of Emotet malware have been suggested to update their system, as it replaces the former one. Once the victims are done with the update process, their system will eventually get aware of its installation paths and be able to clean the machine.

However, Foreign law enforcement has been working along with the FBI and has replaced the Emotet malware on servers that have been located in their jurisdiction with a file that was initially created by the law enforcement.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems

Cybercriminals are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to...