Police smash 'world's most dangerous' cybercrime malware tool

·2-min read
Police based in Britain, Canada, Germany, Lithuania, the Netherlands, Ukraine and the United States teamed together to infiltrate the infrastructure of EMOTET, described as the "world's most dangerous" cybercrime malware tool

International police have disrupted the "world's most dangerous" cybercrime malware tool used to break into computer systems, law agencies announced on Wednesday.

The illicit tool called EMOTET was operated as a so-called botnet, software that infects a network of computers and allows them to be remotely controlled, Europol and its judicial sister agency Eurojust said.

Police based in Britain, Canada, Germany, Lithuania, the Netherlands, Ukraine and the United States teamed together to infiltrate EMOTET's infrastructure.

Describing it as the "world's most dangerous malware", Europol said in a statement that "law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET."

The network involved several hundred servers around the world that were used to "manage the computers of the infected victims, to spread to new ones, to serve other criminal groups", Europol said.

"Investigators have now taken control of its infrastructure in an international coordinated action," it said.

Police also searched properties in Ukraine in connection with the case, Britain's National Crime Agency said.

EMOTET "was used by cybercriminals to infiltrate thousands of companies and millions of computers worldwide," the NCA added in a statement.

- 'Door opener' -

What made EMOTET especially dangerous was the fact that it was offered for hire to other "top level" criminals, who then used this "door opener" to install other types of malware, Europol said.

This included infamous banking "Trojans" which steal bank details and credentials, and ransomware that locks files and systems and holds them for ransom for large sums of money.

Malware such as the TrickBot Trojan and Ryuk ransomware have benefited from it, Europol said.

Criminals used email attachments to trick unsuspecting victims into opening the mails, making them look like invoices, shipping notices and information about Covid-19.

All these emails contained malicious Word documents, either attached to the email or downloadable by clicking on a link within the mail.

Once a user opened one of these documents, they were prompted to "enable macros" so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim's computer.

"EMOTET was one of the biggest vectors of corporate infection in ransomware and data theft attacks," Gerome Billois, Paris-based cybersecurity expert for the consultancy Wavestone, told AFP.

The police action "shows that it is possible to stop cyber-criminals", Billois added.

In France EMOTET has targeted several departments within the country's justice ministry as well as judges and lawyers in September last year, prompting security agencies to launch a probe.

Authorities were looking for companies that fell victim to EMOTET, but "it is difficult to have an idea of the number of victims", Catherine Chambon, deputy director of the French police's anti-cybercrime unit told AFP.

Many victims "do not systematically file a complaint during this kind of attack", she said.