From Wikipedia, the free encyclopedia

Emotet[1] is a banking trojan malware program that obtains financial information by injecting code into the networking stack of an infected Microsoft Windows computer,[2] allowing sensitive data to be stolen as it is transmitted.[3] Emotet also inserts itself into software modules that can then steal address book data and perform denial-of-service attacks on other systems.[4] It also functions as a downloader or dropper of other banking trojans.[1]

Emotet's delivery methods have evolved; however, the most prominent form has been placing malicious documents or URL links in the body of an email, sometimes disguised as an invoice or PDF attachment.[5]

Emotet was first reported in Germany, Austria, and Switzerland in 2014; it quickly appeared in the United States as well, where it was encountered not necessarily through fake invoices but through malicious JavaScript (.JS) files. When a malicious .JS file is executed, Emotet is able to infect the current host.[6]

Once Emotet has infected a host, a malicious file that is part of the malware is able to intercept, log, and save outgoing network traffic from a web browser, so that sensitive data can be compiled and used to access the victim's bank account(s).[7]

Emotet is a member of the Feodo Trojan family of trojan malware.[8] When run in a virtual machine environment, Emotet changes its behavior in ways that are intended to mislead malware investigators.[9]

As of September 2019, Emotet continues to be active.[10]


  1. "Emotet Malware – Alert (TA18-201A)". US-CERT. 2018-07-20.
  2. Kovacs, Eduard (2014-06-30). ""Emotet" Banking Malware Steals Data Via Network Sniffing". SecurityWeek. Retrieved 2017-05-22.
  3. Shulmin, Alexey. "The Banking Trojan Emotet: Detailed Analysis". Securelist. Retrieved 2017-06-14.
  4. "Emotet". New Jersey Cybersecurity and Communications Integration Cell. 2017-04-26. Retrieved 2017-05-22.
  5. "Emotet Changes TTPs and Arrives in United States". Center for Internet Security. Retrieved 2017-06-14.
  6. Masters, Greg. "Emotet banking trojan debuts in U.S." SC Media. Retrieved 2017-06-14.
  7. Salvio, Joie. "New Banking Malware Uses Network Sniffing for Data Theft". Trend Micro. Retrieved 2017-06-14.
  8. "Emotet Changes TTPs and Arrives in United States". Center for Internet Security. Retrieved 2017-05-22.
  9. Shulmin, Alexey (2015-04-09). "The Banking Trojan Emotet: Detailed Analysis". Securelist. Retrieved 2017-05-22.
  10. Cimpanu, Catalin (2019-09-16). "Emotet, today's most dangerous botnet, comes back to life". ZDNet. Retrieved 2019-09-19.