Emotet Malware Uninstalls Itself From All The Infected Computers World Wide

In January, the FBI, along with other law enforcement agencies around the world has recalled that the Emotet malware was automatically has been removed from all the infected computers.

The law enforcement agencies that are involved in this operation were from the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada, and Ukraine.

According to the report, the agencies have managed to seized control over several hundred botnet servers; not only this, but the agencies have also turned off their entire infrastructure and have stopped all its malicious activities.

The law enforcement officers have used all their access to the Emotet control servers; as per the report, this malware has come under the control of the German Federal Criminal Police Office.

How the Uninstaller of Emotet Malware Works?

After trying so hard, the law enforcement agencies managed to stop the malware. But now the question arises that how the Emotet uninstaller works?

Once the law enforcement has identified the malware, the German federal police agencies implemented a very new Emotet module in the form of a 32-bit EmotetLoader.dll.

After implementing the module to all infected systems, the experts affirmed that it would eventually uninstall the malware on April 25th, 2021.

Once the security analysts changed the system clock on a test machine, they detected that the uninstaller only deletes the associated Windows services.

However, the Emotet uninstaller autoruns the Registry keys and then exits the process, and they left all other things on the infected or compromised machines.

Federal Police (Germany) is Behind the Emotet Uninstaller Module

The federal police agency of Germany had created a situation that will make the malware Emotet to be quarantined in the computer systems that the Emotet malware has compromised.

While Europol claimed that the German Bundeskriminalamt (BKA) federal police agency was responsible for generating and pushing the uninstall module and creating such a situation.

Not only this but the US Department of Justice (DOJ) has also agreed and asserted that the Bundeskriminalamt pushed the uninstaller module on the systems that were compromised by Emotet malware.

Purpose and Recommendation

The infrastructure that was present behind the Emotet is already being controlled by law enforcement, so the bots are not able to implement any other malicious operation.

All the victims of Emotet malware have been suggested to update their system, as it replaces the former one. Once the victims are done with the update process, their system will eventually get aware of its installation paths and be able to clean the machine.

However, Foreign law enforcement has been working along with the FBI and has replaced the Emotet malware on servers that have been located in their jurisdiction with a file that was initially created by the law enforcement.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the…

2 hours ago

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and turning them into bots for the…

2 hours ago

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across various sectors, including education, cryptocurrency, and…

21 hours ago

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two Chinese Advanced Persistent Threat (APT) groups…

22 hours ago

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft SharePoint Server, CVE-2023-24955. This vulnerability poses…

23 hours ago

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included in the Edge Bounty Program. The…

23 hours ago