The Communications Authority of Kenya (CA), has warned of a new malware targeting network systems in the country. Known as ‘Emotet’, CA through the National Computer Incident Response Team Coordination Centre (National KE-CIRT/CC), says it has so far detected 11 cases targeting local institutions.
Emotet is an advanced and destructive banking Trojan affecting network systems. The malware is notorious for its modular architecture, persistence techniques, and worm-like self-propagation that rapidly spread network-wide infection. A polymorphic Trojan, Emotet can evade typical signature-based detection and has several methods for maintaining persistence, including auto-start registry keys and services.
The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services—including other banking Trojans.
Read >> Communications Authority approves Loon and Telkom Kenya’s balloon-powered Internet project
Emotet uses functionality that helps the software evade detection by some anti-malware products. It uses worm-like capabilities to help spread to other connected computers. This helps in the distribution of the malware.
Emone is disseminated through malicious email attachments or links posing as invoices, payment notifications, bank account alerts, etc., that use branding seemingly coming from legitimate organizations. Once downloaded, Emotet establishes persistence and attempts to propagate the local networks through incorporated spreader modules.
The Authority has advised the public and organizations to put in place the following measures to limit the effect of Emotet and similar malspam, if they believe their systems may be infected with the malware: Immediately scan and isolate the infected computer from the network, once isolated, proceed to clean and patch the system, consider proactive protection against future malware spam infections and also adhere to general cybersecurity best practices.