Security News > 2021 > January > Here'e how law enforcement's Emotet malware module works
New research released today provides greater insight into the Emotet module created by law enforcement that will uninstall the malware from infected devices in April.
On January 27th, Europol announced that a joint operation between law enforcement agencies from Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine took control of the Emotet botnet's servers and disrupted the malware's operation.
"Foreign law enforcement, working in collaboration with the FBI, replaced Emotet malware on servers located in their jurisdiction with a file created by law enforcement, according to the affidavit. This was done with the intent that computers in the United States and elsewhere that were infected by the Emotet malware would download the law enforcement file during an already-programmed Emotet update," states a Department of Justice press release.
The new Emotet module distributed by German law enforcement is a 32-bit DLL named 'EmotetLoader.
The difference is that the Emotet command and control server is now configured to use law enforcement servers located in Germany.
As law enforcement controls the botnet, Emotet will not download further modules to the infected PC to perform malicious activity.