Government of Japan launches tool that detects new version of Emotet malware

The Japanese government this week released a new version of its EmoCheck tool, updated to identify the new version of the Emotet botnet. The software is capable of scanning Windows systems for malware and indicating the installation path if it is detected, allowing administrators and security professionals to take the necessary measures to mitigate the problem.

The release by Japan's CERT (Center for Studies, Response and Handling of Security Incidents) is a response to the recent update of the Trojan, which gained a 64-bit build and new features. As infections with this new edition of the botnet escalate, the original EmoCheck lost its purpose, since it was only able to identify 32-bit editions of the threat.

The experts' recommendation is to download and run the tool on corporate systems and to act immediately if an infection is identified. In addition to deleting the folder and all files created by Emotet, those responsible should also check the Windows Task Manager and terminate processes linked to the malware, which usually goes by regsvr32.exe.
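The cleanup steps above can be scripted. The following PowerShell is an added example, not code from JPCERT or from the original article: it takes the installation path reported by EmoCheck, lists the regsvr32.exe processes whose command line references that folder, and only with the `-Remediate` switch records file hashes, stops those processes and deletes the folder. The parameter names, the sample path and the assumption that the process command line contains the reported folder are illustrative.

```powershell
# Added example: triage after EmoCheck reports a detection.
# Assumption: the regsvr32.exe command line references the folder EmoCheck printed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [string]$InstallPath,   # e.g. 'C:\Users\alice\AppData\Local\EXAMPLE-FOLDER' (constructed)
    [switch]$Remediate      # hypothetical switch; without it the script only reports
)

# Normalise so a trailing backslash does not break the comparison.
$target = $InstallPath.TrimEnd('\')

# Win32_Process exposes the full command line, which Task Manager hides by default.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'regsvr32.exe'"

$linked = foreach ($p in $procs) {
    # CommandLine is $null when the caller lacks rights to read it.
    if ($null -eq $p.CommandLine) {
        Write-Warning "PID $($p.ProcessId): command line unreadable, rerun elevated"
        continue
    }
    if ($p.CommandLine.IndexOf($target, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        # Parent lookup is best effort: the parent may have exited or its PID been reused.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            Parent      = if ($parent) { $parent.Name } else { '<exited>' }
            Started     = $p.CreationDate
            CommandLine = $p.CommandLine
        }
    }
}
$linked | Format-List

if ($Remediate) {
    # Keep SHA-256 hashes of the files for the incident record before anything is deleted.
    if (Test-Path -LiteralPath $target) {
        Get-ChildItem -LiteralPath $target -File -Recurse | Get-FileHash -Algorithm SHA256
    }
    foreach ($l in $linked) {
        if ($PSCmdlet.ShouldProcess("PID $($l.ProcessId)", 'Stop-Process')) {
            Stop-Process -Id $l.ProcessId -Force
        }
    }
    if ((Test-Path -LiteralPath $target) -and $PSCmdlet.ShouldProcess($target, 'Remove-Item')) {
        Remove-Item -LiteralPath $target -Recurse -Force
    }
}
```

Running it first without `-Remediate`, or with `-WhatIf`, shows what would be stopped and deleted; a command line that uses an 8.3 short path will not match and needs a manual check.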

The Japanese CERT tool was updated to identify the new version of Emotet; the malware gained a 64-bit architecture and is already starting to take the place of the old edition (Image: Reproduction/Bleeping Computer)

Finally, other usual security measures should be taken, such as cleaning with good security software and monitoring endpoints to ensure that a previous Emotet infection has not already led to further compromise. The trojan typically serves as an opening for attacks involving ransomware and data theft, and its infrastructure is usually marketed to third parties by the original compromisers.

According to JPCERT, users should stay alert to fraudulent emails: even with a new, stealthier and more capable version, phishing remains the biggest vector for spreading Emotet. Employees should not open attachments or click on links that arrive by e-mail unless they are absolutely sure about the origin, as Office documents and ISO or ZIP files are the main bait.

The first detections of the new version of Emotet started to emerge in the last week. The new architecture of the Trojan appeared among 30,000 fraudulent emails in 10 languages, sent in February of this year alone. It is already starting to take the place of the old version, while maintaining its place as the most popular and dangerous malware in the world.

Source: JPCERT (GitHub)
