The Communications Authority of Kenya (CA), through the National Computer Incident Response Team Coordination Centre (National KE-CIRT/CC), has detected malware targeting network systems, known as ‘Emotet’.
The National KE-CIRT/CC has so far detected 11 cases targeting local institutions and has engaged the affected organizations accordingly.
Emotet is an advanced and destructive banking Trojan affecting network systems. Emotet is notorious for its modular architecture, persistence techniques, and worm-like self-propagation that rapidly spreads infection across an entire network. A polymorphic Trojan, Emotet can evade typical signature-based detection and has several methods for maintaining persistence, including auto-start registry keys and services.
Emotet is disseminated through malicious email attachments or links posing as invoices, payment notifications, bank account alerts, etc., using branding that appears to come from legitimate organizations. Once downloaded, Emotet establishes persistence and attempts to propagate across the local network through its built-in spreader modules.
Emotet may result in temporary or permanent loss of sensitive or proprietary information, disruption to regular business operations, financial losses related to the restoration of systems and files, as well as potential harm to an organization’s reputation.
The Authority wishes to advise the public and organizations that believe their systems may be infected with the malware to put in place the following measures to limit the effect of Emotet and similar malspam:
- Immediately scan and isolate the infected computer from the network
- Once isolated, proceed to clean and patch the system