From Banking Trojan to an All-Purpose Weapon: Emotet

Emotet Trojan spreads again! Find out what’s behind the Emotet malware and how you can protect yourself against it.

Jun 14, 2022 - 3 min.
Picture of: Sebastian Ulbert
Sebastian Ulbert

Emotet – what may sound like the name of a deity or a fun new card game is an all-too-real and serious danger. Emotet is a form of malware that poses an enormous risk despite international efforts at curbing its spread. Europol actually rates it as the most dangerous malware in the world. But what makes Emotet so dangerous and how can you arm yourself against it? 

Emotet is a computer malware programme first discovered in 2014 as a banking trojan. Having since developed into its current form, it can now download additional forms of malware onto infected computers. But that’s not the only reason why this programme has such potential to inflict huge damage. 

Emotet is a polymorph virus: a master of disguise. To evade detection by signature-based anti-virus programmes, the code updates and changes every time it’s launched. What’s more, the malware detects when there are nearby virus scanners and shuts down its activities by ‘sleeping’.

Private users or companies – they’re all fair game to Emotet

Anyone can become a victim of an attack by Emotet: whether it’s private individuals, companies, organisations, public authorities or critical infrastructure. In addition to banking login data and financial data, criminals have even used it to steal bitcoin credit. 

Emotet is primarily spread via spam emails disguised as invoices or delivery notifications, and what makes Emotet so special is that these emails may even come from known senders. It comes concealed in seemingly harmless attachments like Word files – but the malware can also be hidden behind links or scripts. 

As Emotet is a macro virus, users of Windows systems are especially at risk. These types of viruses use the macro languages of common applications such as Word or Excel instead of their own independent code. Once they get onto a computer, they run automatically upon opening.

Opening the door to a host of threats

The fact that it’s possible to infect your own computer even when receiving emails from people or organisations you know makes this malware’s way of operating very sophisticated: Emotet is even able of accessing the contacts lists and emails contained in infected computers’ inboxes. This enables criminals to then send out emails that appear authentic from these PCs using the victim’s name and which contain malicious attachments. Those affected by the virus have no idea and since the recipients of the emails think they’re from a known sender, they open the attachments without suspecting a thing.

This enables cybercriminals to inflict even more damage using Emotet. They’re not only able to have the malware update itself regularly and spy on their victims’ data; they can also download other harmful software to manipulate online banking or encrypt computer systems using ransomware and extort money. 

Emotet can also act as a computer worm to enable malware to spread through corporate networks without attachments needing to be sent. This can have many consequences – ranging from loss of data and impairing business processes to a complete outage of IT systems. In the worst-case scenario, there is no option but to rebuild the entire company network to eliminate the infection. 

How can Emotet be detected?

As we’ve shown, Emotet is very good at making itself invisible to signature-based virus scanners but there are signs to indicate an infection: for example, if email contacts receive suspicious messages from their own account or if your own inbox gets potentially falsified emails from colleagues or friends. Emotet can also be the reason for other malware infections whose cause cannot be determined. 

But you can afford yourself some level of protection against it by observing the following: 

  • Emotet exploits vulnerabilities in the Windows system so you absolutely must keep your operating system up-to-date by installing the latest patches and updates.
  • Rely on strong cyber security systems on several levels, such as for your email and browser, and make use of anti-virus programmes.
  • Always be cautious when handling emails, even those from people you know. 
  • Deactivate the automatic approval of macros. In most cases, Emotet ultimately gets onto your computer via MS Office files that require macros. 
  • Perform regular back-ups. 
  • Turn to secure login solutions using two-factor authentication.
  • Offer your staff training in cyber security. 

If Emotet already infects a computer – either a personal or business computer – the best solution is to completely reset it and change all passwords and access data. Email contacts should also be warned. 

There’s life in the old dog yet

Emotet still has plenty of potential to wreak damage. At the start of 2021, there were reports in the media that an international investigation team smashed through the IT defences of Emotet. But by the end of the year, the malware was again making the rounds, and there was an increased level of activity by cyber criminals using Emotet. They began using new methods such as sending harmful OneDrive links in addition to the usual Office attachments. The risk posed by Emotet is, unfortunately, still very much present and private users and companies alike need to arm themselves against this insidious method of attack. 


Decisive Factor for More Security: Multi-Factor Authentication