The Emotet banking Trojan was first detected by security researchers in 2014. Emotet was originally designed as banking malware that targets banking transactions and aims to intercept sensitive and private personal information. Newer versions of Emotet have added the ability to send spam / phishing emails and to install other software on the target computer, including other banking Trojans.
 
Emotet has functionality that helps it avoid detection by certain anti-malware products. It can also automatically infect a computer network, i.e. it has worm capabilities. As a result, an infected computer can be used as a distribution hub for this software, especially through emails and other means.
 
The main method of distributing Emotet is via spam (malspam). Once Emotet has access to our computer, it steals our contact list and sends itself, as attachments or trapped links, to our friends, family, colleagues and, if we are a company, our customers. Because these emails come from the compromised account of a person the recipients correspond with, they look less suspicious; recipients feel more secure and are more likely to click trapped URLs and download / open infected files.
 
If the infected computer is connected to an internal network, Emotet infects neighboring computers using a list of common / simple passwords and the brute-forcing technique. Researchers have observed that Emotet, after infection, downloads and executes another trojan, TrickBot, which in turn exploits the EternalBlue / DoublePulsar vulnerability to infect the internal network.
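
The password brute forcing against neighboring computers described above leaves a recognisable trail of failed logons. The following Python code is an added example, not part of the original advisory: it flags internal sources that fail to log on to several different machines within a short window. The simplified log format, the thresholds and the name `find_spreaders` are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of simplified failed-logon records, in time order:
# time,event_id,source_ip,target_host,account (4625 = failed logon, 4624 = success)
SAMPLE_LOG = """\
2019-04-02T08:00:00,4625,10.0.0.51,WS-01,nikos
2019-04-02T08:00:05,4625,10.0.0.51,WS-01,nikos
2019-04-02T09:00:01,4625,10.0.0.23,WS-01,administrator
2019-04-02T09:00:02,4625,10.0.0.23,WS-01,admin
2019-04-02T09:00:03,4625,10.0.0.23,WS-02,administrator
2019-04-02T09:00:04,4625,10.0.0.23,WS-02,admin
2019-04-02T09:00:05,4625,10.0.0.23,WS-03,administrator
2019-04-02T09:00:06,4625,10.0.0.23,WS-03,admin
2019-04-02T09:01:10,4625,10.0.0.40,FS-01,maria
2019-04-02T09:01:25,4625,10.0.0.40,FS-01,maria
2019-04-02T09:01:40,4624,10.0.0.40,FS-01,maria
2019-04-02T10:00:00,4625,10.0.0.51,WS-02,nikos
2019-04-02T10:00:05,4625,10.0.0.51,WS-02,nikos
2019-04-02T12:00:00,4625,10.0.0.51,WS-03,nikos
2019-04-02T12:00:05,4625,10.0.0.51,WS-03,nikos
"""

def find_spreaders(log_text, window=timedelta(minutes=5), min_hosts=3, min_failures=6):
    """Return {source_ip: [hosts]} for sources whose failed logons inside one
    sliding window hit at least min_hosts machines with min_failures attempts."""
    recent = defaultdict(deque)   # source_ip -> (time, host) failures still in window
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, event_id, src, host, _account = line.split(",")
        if event_id != "4625":            # only failed logons count
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, host))
        while now - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        hosts = {h for _, h in q}
        # Many failures spread over several machines is the worm-like pattern;
        # a user mistyping a password stays on one host and below the threshold.
        if len(hosts) >= min_hosts and len(q) >= min_failures:
            flagged.setdefault(src, set()).update(hosts)
    return {src: sorted(hosts) for src, hosts in flagged.items()}

if __name__ == "__main__":
    for src, hosts in find_spreaders(SAMPLE_LOG).items():
        print(f"possible brute-force spreading from {src} against {', '.join(hosts)}")
```

On the constructed sample only 10.0.0.23 is reported; the user who mistypes a password on one server and the source whose failures are spread over several hours stay below the thresholds.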
 

How do we detect a phishing email?

 
General information on detecting and protecting against phishing emails can be found at the following links:
 
  • https://csirt.cd.mil.gr/en/phishing/
  • https://www.certcoop.eu/index.php/tutorials/
  • https://www.certcoop.eu/wp-content/uploads/2019/04/Restore_point_and_controlled_folder_access.ogv