Tag Archive for: German

Emotet malware forcibly removed today by German police update



Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.

The botnet’s takedown is the result of an international law enforcement action that allowed investigators to take control of Emotet’s servers and disrupt the malware’s operation.

Emotet was used by the TA542 threat group (aka Mummy Spider) to deploy second-stage malware payloads, including QBot and Trickbot, onto its victims’ compromised computers.

TA542’s attacks usually led to full network compromise and the deployment of ransomware payloads on all infected systems, including ProLock or Egregor by QBot, and Ryuk and Conti by TrickBot.

How the Emotet uninstaller works

After the takedown operation, law enforcement pushed a new configuration to active Emotet infections so that the malware would begin to use command and control servers controlled by the Bundeskriminalamt, Germany’s federal police agency.

Law enforcement then distributed a new Emotet module in the form of a 32-bit EmotetLoader.dll to all infected systems that will automatically uninstall the malware on April 25th, 2021.

Malwarebytes security researchers Jérôme Segura and Hasherezade took a closer look at the uninstaller module delivered by law enforcement-controlled Emotet servers.

After changing the system clock on a test machine to trigger the module, they found that it only deletes the associated Windows services and autorun Registry keys and then exits the process, leaving everything else on the compromised devices untouched.

“For this type of approach to be successful over time, it will be important to have as many eyes as possible on these updates and, if possible, the law enforcement agencies involved should release these updates to the open internet so analysts can make sure nothing unwanted is being slipped in,” Marcin Kleczynski, CEO of Malwarebytes, told BleepingComputer.

“That all said, we view this specific instance as a unique situation and encourage our industry partners to view this as an isolated event that required a special solution and not as an opportunity to set policy moving forward.”

Source…

IBM led consortium wins $3.2 million German Digital Health Passport contract – Ledger Insights


Yesterday, German press reported that a consortium led by IBM, including blockchain cybersecurity firm Ubirch, won the tender for digital vaccination certificates in Germany. The two firms beat competition from a joint initiative by Deutsche Telekom and SAP. According to the Official EU Journal, the award is €2.7 million ($3.2 million), but IBM will subcontract 51% of the project.

The initiative is to create a digital version of yellow vaccine certificates. 

Frankfurter Allgemeine Zeitung reported that other consortium participants include Bechtle and Govdigital, which is a cooperative of 15 IT providers. In January, Ubirch and Govdigital were involved in a regional project in the Bavarian district of Altötting. It’s unclear whether that solution used IBM’s Digital Health Pass. 

A key feature of the regional trial was to issue a physical card, similar to a credit card but displaying a QR code. Given the first vaccines were provided to older people, the card proved popular. The QR code encodes personal information such as the name, ID and the details of the vaccination, and anyone scanning the code sees the information. The data is not saved elsewhere and the vaccine recipient can store the data on a mobile phone. When the QR code is created, a hash or fingerprint of the data is stored on a blockchain.

A similar solution for Corona test certificates has already been deployed by Ubirch at Frankfurt Airport, Berlin, Hamburg and Düsseldorf. For that, Ubirch partnered with Govdigital and Lufthansa Industry Solutions.

Ubirch positions itself as an IoT cybersecurity firm. It claims it created the world’s first blockchain-on-a-SIM solution together with 1NCE and G+D Mobile Security, a firm known as a currency solution provider to central banks.

Meanwhile, IBM’s Digital Health Pass solution is currently being trialed by the State of New York. It uses a mobile phone app and blockchain for verifiable credentials. 

There are a variety of solutions in the marketplace for COVID-19 health certificates. And airlines, in particular, are keen to adopt them. The solutions include GE Digital’s TrustOne app, IATA’s Travel Pass platform, and the 

Source…

German Officials Seize Server With U.S. Police Files Stolen in Data Breach – Insurance Journal


Google’s security measures failed to find Android malware in Play Store – Engadget German
