{"id":5011,"date":"2018-08-05T17:00:43","date_gmt":"2018-08-05T11:30:43","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=5011"},"modified":"2020-09-23T06:50:46","modified_gmt":"2020-09-23T01:20:46","slug":"emotet-banking-malware-attacks-government-public-sectors","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/","title":{"rendered":"Emotet banking malware attacks government and public sectors"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1492 size-full\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_12.jpg\" alt=\"emotet malware\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_12.jpg 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_12-300x138.jpg 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_12-225x104.jpg 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>Emotet is a new banking trojan. It is a downloader whose function is to download other trojans onto a system or network. It is the most expensive and destructive malware affecting state, tribal, local, and territorial governments, and it also impacts the public and private sectors. The US-CERT team has warned of the consistent spread of the trojan since 2017 and has also stated that it uses the most destructive means of stealing various kinds of information. Emotet banking malware is delivered through Microsoft Office documents and attachments named Greeting card; this helps the attacker to access the Windows API. The trojan spreads quickly, and it can cost around $1 million to gain back the network. 
The hackers are constantly finding methods and techniques to help the malware stay persistent within the network.<\/p>\n<p>The Emotet trojan is not just responsible for dropping new trojans onto the system; it also manages to defeat signature-based detection by altering registry keys.<\/p>\n<p>The hackers deploy efficient techniques that give false signals when the malware is executed in a sandboxed environment. Its modular DLLs enable the banking malware to evolve and update its functionality.<\/p>\n<p><strong>Emotet Banking Malware Infection Process<\/strong><\/p>\n<p>Emotet banking malware spreads through emails that contain malicious links or attachments. The contents of the email look genuine, claiming to be PayPal receipts or other banking-related information, which convinces users to open the mail and the attachment in it.<\/p>\n<p>When users click on the attachment, the link, or a macro-enabled Word document, the trojan starts spreading rapidly across the local network.<\/p>\n<p>US-CERT reports that Emotet banking malware deploys 5 spreader modules:<\/p>\n<ul>\n<li>NetPass.exe<\/li>\n<li>WebBrowserPassView<\/li>\n<li>Mail PassView<\/li>\n<li>Outlook scraper<\/li>\n<li>Credential enumerator<\/li>\n<\/ul>\n<p><strong>NetPass.exe<\/strong> \u2013 this helps to gain access to all the network passwords stored on the system by the existing user.<\/p>\n<p><strong>Outlook scraper<\/strong> \u2013 this uses phishing emails to gain access to the names and corresponding email addresses in the targeted victim\u2019s Outlook accounts.<\/p>\n<p><strong>WebBrowserPassView<\/strong> \u2013 this enables the malware to capture passwords saved by browsers.<\/p>\n<p><strong>Mail PassView<\/strong> \u2013 this enables the malware to gain access to user account details and passwords for various email clients.<\/p>\n<p><strong>Credential enumerator<\/strong> \u2013 It deploys the use 
of server message block (SMB) to list out the network resources.<\/p>\n<p>As soon as the infection process is complete, the malware injects malicious code into the running processes of the system, mainly into explorer.exe. This lets it gather sensitive information such as the location of the system and the system name, and it can also connect to the C&amp;C server.<br \/>\nThe connection with the C&amp;C server enables new infections: the malware can get configuration data, download and run malicious files, and even upload information to the C2 server.<br \/>\nFinally, it shares the stolen data and other confidential banking data of the infected network, which leads to malfunctioning of regular operations and loss of business and customer-related files.<\/p>\n<p>Therefore, considering the capabilities of the new Emotet banking trojan and its lethal activities in targeting the banking and government sectors, it is important to install next-gen malware removal software like the Comodo Internet Security suite to ensure <a href=\"https:\/\/antivirus.comodo.com\/free-antivirus.php\" target=\"_blank\" rel=\"noopener\">complete virus prevention<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Emotet is a new banking trojan. It is a downloader that functions to download other trojans into the system or a network. It is the most expensive and destructive malware affecting state, tribal, local, and territorial governments, and even creating impact against the public and private sectors. 
The US Cert team has alerted on the [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1493,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[26,13],"class_list":["post-5011","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-malware","tag-malware-removal"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emotet Malware and its types | How they affect Government Bodies<\/title>\n<meta name=\"description\" content=\"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. Get to know about their types and removal\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emotet Malware and its types | How they affect Government Bodies\" \/>\n<meta property=\"og:description\" content=\"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. 
Get to know about their types and removal\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-05T11:30:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-09-23T01:20:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/\",\"name\":\"Emotet Malware and its types | How they affect Government Bodies\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg\",\"datePublished\":\"2018-08-05T11:30:43+00:00\",\"dateModified\":\"2020-09-23T01:20:46+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. 
Get to know about their types and removal\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg\",\"width\":225,\"height\":170,\"caption\":\"emotet banking malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emotet banking malware attacks government and public sectors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software 
Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emotet Malware and its types | How they affect Government Bodies","description":"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. Get to know about their types and removal","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/","og_locale":"en_US","og_type":"article","og_title":"Emotet Malware and its types | How they affect Government Bodies","og_description":"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. 
Get to know about their types and removal","og_url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2018-08-05T11:30:43+00:00","article_modified_time":"2020-09-23T01:20:46+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/","url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/","name":"Emotet Malware and its types | How they affect Government Bodies","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg","datePublished":"2018-08-05T11:30:43+00:00","dateModified":"2020-09-23T01:20:46+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Emotet malware is a kind of banking trojan which operates to download different set of malware into a system. 
Get to know about their types and removal","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_12.jpg","width":225,"height":170,"caption":"emotet banking malware"},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/emotet-banking-malware-attacks-government-public-sectors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emotet banking malware attacks government and public sectors"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software 
Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/5011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=5011"}],"version-history":[{"count":18,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/5011\/revisions"}],"predecessor-version":[{"id":15495,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/5011\/revisions\/15495"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/1493"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=5011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antiv
irus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=5011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=5011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}