Security News > 2021 > April > Emotet malware forcibly removed today by German police update
Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.
Emotet was used by the TA542 threat group to deploy second-stage malware payloads, including QBot and Trickbot, onto its victims' compromised computers.
After the takedown operation, law enforcement pushed a new configuration to active Emotet infections so that the malware would begin to use command and control servers controlled by the Bundeskriminalamt, Germany's federal police agency.
"Within the framework of the criminal procedural measures carried out at international level, the Bundeskriminalamt has arranged for the malware Emotet to be quarantined in the computer systems affected," Bundeskriminalamt told Bleepingcomputer.
"Foreign law enforcement, working in collaboration with the FBI, replaced Emotet malware on servers located in their jurisdiction with a file created by law enforcement," the DOJ said.
"The law enforcement file does not remediate other malware that was already installed on the infected computer through Emotet; instead, it is designed to prevent additional malware from being installed on the infected computer by untethering the victim computer from the botnet."
News URL
Related news
- Darknet marketplace Nemesis Market seized by German police (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- German Police Seize 'Nemesis Market' in Major International Darknet Raid (source)
- APT29 hit German political parties with bogus invites and malware (source)