
US-CERT Alerts Emotet Malware Spreads On Government, Private And Public Sectors

Updated on October 11, 2022, by Xcitium


The US-CERT team recently issued an alert about an advanced Emotet banking malware attack that focuses on stealing sensitive information from governments and from the public and private sectors.

What Is Emotet And How Does It Spread?

Emotet malware is an advanced, modular banking Trojan that mainly functions as a downloader or dropper of other banking Trojans. This expensive and destructive malware affects public and private sectors and state, local, tribal, and territorial (SLTT) governments.

Since 2017, Emotet banking malware has been spreading via malspam (emails containing malicious links or attachments) that uses branding familiar to the recipient. It has also been spread using the MS-ISAC name. Recent campaigns in July 2018 imitate PayPal receipts, shipping notifications, or “past-due” invoices from MS-ISAC. The initial infection occurs when the user clicks on or opens the infected PDF, malicious download link, or macro-enabled Microsoft Word document included in the malspam. After the download, Emotet tries to propagate across local networks using its incorporated spreader modules.

Emotet is a rapidly spreading banking Trojan, and recovering the affected networks could cost almost $1 million; malware authors are constantly working to improve its persistence. A recent malware campaign delivers Emotet through Microsoft Office document attachments with “Greeting Card” as the document name and hijacks the Windows API.

Emotet Currently Uses Five Known Spreader Modules:

  • WebBrowserPassView – a password recovery tool that captures passwords stored by major browsers.
  • Mail PassView – helps to disclose the account details and passwords for different email clients.
  • Credential Enumerator – enumerates the network resources using Server Message Block (SMB) or attempts to brute force user accounts.
  • NetPass.exe – recovers all network passwords stored on a system for the currently logged-on user.
  • Outlook scraper – scrapes email addresses and names from the victim’s Outlook accounts using phishing emails.
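
The Credential Enumerator behaviour described above (one host trying many accounts over SMB) leaves a recognisable pattern in logon-failure records. The following detection sketch is an added example, not code from US-CERT or Xcitium; the log format, host names, accounts and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of network logon records: time, source, target, account, result.
SAMPLE = """\
2018-07-20T09:00:01 WS-014 FS-01 alice fail
2018-07-20T09:00:03 WS-014 FS-01 bob fail
2018-07-20T09:00:05 WS-014 FS-02 alice fail
2018-07-20T09:00:08 WS-014 FS-02 carol fail
2018-07-20T09:00:11 WS-014 DC-01 admin fail
2018-07-20T09:00:15 WS-014 DC-01 svc_backup fail
2018-07-20T09:02:00 WS-022 FS-01 dave fail
2018-07-20T09:02:20 WS-022 FS-01 dave fail
2018-07-20T09:02:40 WS-022 FS-01 dave ok
2018-07-20T09:10:00 WS-030 FS-01 erin fail
2018-07-20T09:25:00 WS-030 FS-02 erin fail
2018-07-20T09:40:00 WS-030 DC-01 erin fail
"""

def parse(text):
    """Yield (timestamp, source, target, account, succeeded) tuples."""
    for line in text.strip().splitlines():
        ts, src, dst, acct, result = line.split()
        yield datetime.fromisoformat(ts), src, dst, acct, result == "ok"

def brute_force_sources(events, window=timedelta(minutes=5), min_pairs=5):
    """Flag sources whose failed logons hit at least min_pairs distinct
    (target, account) pairs inside one sliding window.
    Returns {source: highest distinct-pair count observed}."""
    recent = defaultdict(deque)  # source -> recent failures as (ts, (target, account))
    flagged = {}
    for ts, src, dst, acct, ok in sorted(events):
        if ok:
            continue  # only failures count toward the spray pattern
        q = recent[src]
        q.append((ts, (dst, acct)))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        distinct = len({pair for _, pair in q})
        if distinct >= min_pairs:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(brute_force_sources(parse(SAMPLE)))
```

Counting distinct (target, account) pairs rather than raw failures keeps a user who mistypes one password several times (WS-022 in the sample) from being flagged.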

Emotet Malware Infections Cause:

  1. Disruption to regular operations
  2. Potential harm to an organization’s reputation
  3. Financial losses incurred to restore files and systems
  4. Permanent or temporary loss of proprietary or sensitive information.

Protect Your Banking Information With Xcitium Advanced Endpoint Protection (AEP)

Endpoint protection, or endpoint security, is a solution that protects and secures the endpoints from unknown malware or advanced persistent threats or zero-day exploits. Traditional antivirus software cannot be a standalone solution for eradicating the threats, and Xcitium Advanced Endpoint Protection is designed to deliver complete security, guaranteeing data protection for all enterprises.

AEP thus delivers a focused security solution that helps secure servers, workstations, and devices that are connected to access the enterprise networks. Xcitium Advanced Endpoint Protection prevents unknown malware from running on your endpoints with its unique Default Deny Platform™.

Xcitium Advanced Endpoint Protection Works In The Following Manner:

  • Advanced Endpoint Protection leverages the Default Deny Platform to block bad files and automatically contain unknown files in a virtual container, using intelligent Automatic Containment technology.
  • The Xcitium VirusScope technology is used for analyzing unknown files for malicious actions and behavior.
  • Valkyrie provides a cloud-based accelerated verdict in just 45 seconds, based on dynamic analysis, static analysis, and human analyst interaction.
  • Malware files are removed, good files are allowed to run on the endpoint CPU and unknown files are contained in the lightweight virtual container on the endpoint and then examined in real time.
  • Advanced Endpoint Protection can be provisioned within just a minute. It uses negligible CPU resources and requires an endpoint footprint of only 10 MB. The program provides complete security for both virtual and physical endpoints in both big and small enterprises.
