Wednesday, December 6, 2023

Emotet Malware Uninstalls Itself From All The Infected Computers World Wide

In January, the FBI, along with other law enforcement agencies around the world has recalled that the Emotet malware was automatically has been removed from all the infected computers.

The law enforcement agencies that are involved in this operation were from the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada, and Ukraine.

According to the report, the agencies have managed to seized control over several hundred botnet servers; not only this, but the agencies have also turned off their entire infrastructure and have stopped all its malicious activities.

The law enforcement officers have used all their access to the Emotet control servers; as per the report, this malware has come under the control of the German Federal Criminal Police Office.

How the Uninstaller of Emotet Malware Works?

After trying so hard, the law enforcement agencies managed to stop the malware. But now the question arises that how the Emotet uninstaller works?

Once the law enforcement has identified the malware, the German federal police agencies implemented a very new Emotet module in the form of a 32-bit EmotetLoader.dll.

After implementing the module to all infected systems, the experts affirmed that it would eventually uninstall the malware on April 25th, 2021.

Once the security analysts changed the system clock on a test machine, they detected that the uninstaller only deletes the associated Windows services.

However, the Emotet uninstaller autoruns the Registry keys and then exits the process, and they left all other things on the infected or compromised machines.

Federal Police (Germany) is Behind the Emotet Uninstaller Module

The federal police agency of Germany had created a situation that will make the malware Emotet to be quarantined in the computer systems that the Emotet malware has compromised.

While Europol claimed that the German Bundeskriminalamt (BKA) federal police agency was responsible for generating and pushing the uninstall module and creating such a situation.

Not only this but the US Department of Justice (DOJ) has also agreed and asserted that the Bundeskriminalamt pushed the uninstaller module on the systems that were compromised by Emotet malware.

Purpose and Recommendation

The infrastructure that was present behind the Emotet is already being controlled by law enforcement, so the bots are not able to implement any other malicious operation.

All the victims of Emotet malware have been suggested to update their system, as it replaces the former one. Once the victims are done with the update process, their system will eventually get aware of its installation paths and be able to clean the machine.

However, Foreign law enforcement has been working along with the FBI and has replaced the Emotet malware on servers that have been located in their jurisdiction with a file that was initially created by the law enforcement.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles