Known on the malware scene since 2014, Emotet is a banking Trojan that had its 15 minutes of fame and that in recent months has had a rebound in activity, eagerly returning and affecting a large number of users and companies. Its key is that it is part of a series of emails with different objectives and users, but the same purpose: to urge you to open it so that Emotet sneaks into your team.
The False Salary Increase
The main objective of the Emotet Trojan is to steal the credentials of users of online services, and can do so in combination with other types of malware, such as ransomware or other banking Trojans. Last Christmas we saw him starring in a Phishing campaign.
The objective of the malware is to capture financial credentials, user names, passwords and email addresses to be able to replicate, although “the possible installation of another type of malware on the victim’s computer, such as ransomware or Trojans, is not ruled out. banking ”.
But here is one of these curious cases that the cyberworld has in store for us from time to time. A case of hackers seeking to do good instead of evil. Because as reported by the ethical hacking group Cryptolaemus -yes, there are hackers in white hats-, an anonymous hacker has achieved the impossible: accessing the infrastructure of the banking Trojan Emotet to replace the ‘malware’ with which it infects the computers of its victims.
The reason for this access? Mitigate the scope and impact of the malware that Emotet carries inside, sabotaging it on purpose. Something that this bona fide anonymous hacker has accomplished by swapping the Trojan’s own malware for a simple GIF file.
On the first day, the GIF image used was from the Blink 182 group; the second day the hacker decided on a GIF by the actor James Franco; and on the third day, he chose Hackerman, one of the protagonists of the viral medium-length film Kung Fury. Who he is is unknown, but according to Cryptolaemus, since last July 21 this hero has managed to boycott at least a quarter of Emotet’s malicious downloads.