International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 10 Issue: 04 | Apr 2023
p-ISSN: 2395-0072
www.irjet.net
Emotet: A Sophisticated and Persistent Malware for Stealing Information, its Attack and Prevention Strategies

Deepak Reddy A R (1), Dr. Chandra Mohan B (2)

1 Student at Vellore Institute of Technology, India
2 School of Computer Science and Engineering, Vellore Institute of Technology, India
Abstract - Many people use the internet every day for activities like browsing, sending emails, banking, using social media, and downloading files and videos. EMOTET is an advanced type of malware that mainly targets financial systems and individuals in order to steal personal and financial information. It spreads through fake emails sent to people and also by replicating itself. It can download other types of malware that attack the system even further, and it can encrypt sensitive data, making it inaccessible to the user. The US-CERT has already warned people about this malware. According to the cybersecurity company CrowdStrike, dealing with EMOTET can cost up to $1 million per incident. EMOTET usually spreads through phishing emails, which can contain malicious links or attachments, such as fake PDFs or Microsoft Word documents. It is crucial to be careful and not click on suspicious links or attachments to avoid falling victim to this malware. This study investigates the effects of Emotet on organizations and individuals and identifies effective preventive measures against this infection. The results of this paper provide valuable insights for businesses and individuals looking to protect themselves against the threat of Emotet and other sophisticated malware.

Key Words: Emotet, Spider, Malware, Phishing, Cyber Security, Prevention, Banking.

1. INTRODUCTION

Emotet, also known as Geodo, is a type of malware that first surfaced in early 2014 and poses a significant threat to computers and networks[13]. Since its discovery in June 2014, the Emotet malware has grown into a major threat distributor that drops additional banking Trojans such as Trickbot and IcedID, and it is offered as malware-as-a-service. It is difficult to locate and eliminate because it has been around for a long time and has changed over that period. The malware is tracked as MUMMY SPIDER by the cybersecurity firm CrowdStrike, and it frequently changes its payloads to avoid detection. Its primary goal is to gain access to an infected device, collect data from the target, and download additional malware payloads to steal credentials. On the Windows operating system, Emotet copies itself into fixed locations, making it challenging to remove completely. It is a dangerous malware that criminals use to propagate banking Trojans and ransomware such as Ryuk and Trickbot.[12] Security experts at G DATA found over 33,000 distinct Emotet versions in just the first half of 2019. Emotet Variant 1 is extremely dangerous due to its modular capabilities, which allow it to carry out coordinated DDoS attacks and steal money straight from the victim's bank account. These modules consist of spam bot, banking, and distribution modules.

Its most recent samples contain modules that can steal a variety of data from the target, including email client credentials, contact lists, web browser credentials, and email contents. It can propagate through a LAN using spam or through a WAN using SMB vulnerabilities. Recent spam campaigns by Emotet have been very effective at infecting users by making the emails appear more legitimate through the use of previously stolen email conversations.[5] It can escalate privileges, brute-force local network credentials, harvest contacts and recent emails from Outlook, and proxy C2 traffic from other infected devices. Because it collaborates with other types of malware, it spreads rapidly once it has access to a network and exposes devices to a wide range of threats. Emotet samples have increased recently, with spam campaigns mainly focusing on users in Lithuania, Greece, and Japan.[9] The most recent Emotet campaign, which made a big impression in many countries around the globe, is the subject of this report. The report examines the attack vector, maps the infrastructure used at different points in the campaign, and analyses Emotet's malicious payloads to determine their potential effect using a carefully crafted dataset.
Fig-1: Detected Emotet samples on a daily basis.

Emotet is among the most expensive malware, with remediation expenses of up to $1 million per incident, according to US-CERT. According to Sophos charts, Emotet regularly outperformed malware like GandCrab, HawkEye, Ursnif, Formbook, and AZORult in terms of frequency of sighting.
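The lure described above (a message dressed up as a reply to an existing conversation, carrying a Word or PDF attachment) can be triaged at the mail gateway from its headers alone. The following Python is an added example and not code from the paper; the internal domain, the attachment-extension list and both sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the defender's own mail domain
LURE_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".pdf", ".zip")

def triage(raw: str) -> list[str]:
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + INTERNAL_DOMAIN)
    subject = (msg.get("Subject") or "").strip().upper()
    # A replayed stolen conversation looks like a reply but carries no
    # threading headers tying it to a message the recipient actually sent.
    if subject.startswith(("RE:", "FW:")) and not (
        msg.get("In-Reply-To") or msg.get("References")
    ):
        findings.append("reply-style subject without threading headers")
    # Document lure: Office, PDF or archive attachment from an outside sender.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if external and name.endswith(LURE_EXTENSIONS):
            findings.append(f"external sender with document attachment {name}")
    return findings

# Constructed lure: fake reply to a thread the victim never had, with a .doc.
LURE = """\
From: "Alice Jones" <alice.jones@mail-relay.test>
Subject: RE: Invoice for March
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"

x
--b1--
"""
# Constructed benign reply: internal sender with a proper threading header.
BENIGN = """\
From: carol@example.com
Subject: RE: Invoice for March
In-Reply-To: <123@example.com>

Looks good, thanks.
"""
```

Two weak signals combined this way are a triage score for analyst review, not a block rule; a legitimate external reply with a quoted thread will still carry In-Reply-To or References.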