EmoCheck now detects new 64-bit versions of Emotet malware (Security News, April 2022)
The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month.
Emotet is one of the most actively distributed malware families, spread through phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files.
Once a device is infected, Emotet will steal users' emails to be used in future reply-chain phishing attacks and download further malware payloads on the computer.
As further malware commonly leads to data theft and ransomware attacks, it is crucial to detect Emotet malware infections quickly before further damage is done.
With the switch to 64-bit, the EmoCheck tool could no longer detect the new Emotet versions.
EmoCheck will scan for the Emotet Trojan, and if the malware is detected, display the process ID it is running under and the location of the malware DLL. Emotet is currently being installed in a random folder under C:\Users\[username]\AppData\Local.
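
A manual triage pass over the same two data points (process ID and DLL location) can be done from PowerShell. This is an added example, not EmoCheck's code or its detection logic; it assumes the DLL sits directly inside a single folder under AppData\Local, and it will also list legitimate per-user software, so the signature and creation-time columns are there to help sort the results.

```powershell
# Added triage example (not EmoCheck's detection logic).
# Lists running processes that have a DLL loaded from a folder directly under
# any user's AppData\Local, with the PID and the DLL path.
# Assumption: the DLL is exactly one folder below AppData\Local.
# Run from an elevated 64-bit PowerShell: a 32-bit host cannot enumerate
# the modules of 64-bit processes.

$pattern = '^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\[^\\]+\\[^\\]+\.dll$'

$hits = foreach ($proc in Get-Process) {
    # Protected or already-exited processes refuse module enumeration; skip them.
    try { $modules = $proc.Modules } catch { continue }

    foreach ($m in $modules) {
        if ($m.FileName -notmatch $pattern) { continue }

        $sig  = Get-AuthenticodeSignature -LiteralPath $m.FileName -ErrorAction SilentlyContinue
        $file = Get-Item -LiteralPath $m.FileName -Force -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ProcessId = $proc.Id
            Process   = $proc.ProcessName
            Dll       = $m.FileName
            Signature = if ($sig)  { $sig.Status }        else { 'Unknown' }
            Created   = if ($file) { $file.CreationTime } else { $null }
        }
    }
}

# Unsigned, recently created DLLs are the entries to look at first.
$hits | Sort-Object Created -Descending | Format-Table -AutoSize
```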