The Australian government has raised the level of alert over a new Trojan virus, called Emotet. The virus can take over Australian computers and allow hackers to demand money via ransomware attacks. Here’s what you need to know.
[referenced url=”https://www.lifehacker.com.au/2019/10/check-your-android-phone-for-these-adware-infested-apps/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2019/10/malwareandroid-410×231.jpg” title=”Check Your Android Phone For These Adware-Infested Apps” excerpt=”It seems like a day doesn’t go by without a new malware alert for apps available on the Google Play Store and today is no different. Researchers have uncovered a number of Android apps filled with adware, which have been downloaded about eight million times in total. Here are the offending apps and how to remove them.”]
The warning was issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) who said it had received “dozens” of reports confirming the presence of Emotet within “critical infrastructure providers and government agencies”.
“Emotet provides an attacker with a foothold in a network from which additional attacks can be performed, often leading to the deployment of ransomware,” the ACSC’s alert read.
“Do not pay the ransom if affected by ransomware. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.”
It has successfully infiltrated 19 devices, including a ransomware attack on the Victorian health sector.
How does Emotet work?
Emotet usually comes in the form of an attachment from a suspicious-looking email. The file, which could be both a Word document (.doc, .docx) or PDF, may appear legitimate but if it’s downloaded and then opened, Emotet can then infiltrate your computer.
But ACSC warned it’s also been found in embedded URLs and there are reports of it appearing in untargeted bulk spam emails as well as targeted phishing attempts.
Once the infested file is opened on a computer, it installs Emotet, which then goes on to write files to shared drives. It’s also been observed downloading a secondary program, called Trickbot, which harvests emails and credentials and introduces even more malware in some cases.
How can I protect my computer from Emotet attacks?
As Emotet requires macros enabled in programs like Word, ACSC recommends disabling them or using settings which restrict them running without first notifying you.
Regular scanning your computer with anti-malware software is also recommended but prevention is always the best method. If you receive an unsolicited email with an attachment and it just doesn’t look right, delete it immediately. Telltale signs such as unofficial email addresses claiming to be from major companies, unfamiliar subject lines or spelling errors are usually giveaways for dodgy emails.
If you suspect you might have come across Emotet, ACSC recommends getting in touch with them via their email [email protected] to report it.
[referenced url=”https://www.lifehacker.com.au/2019/09/malware-alert-microsoft-just-broke-windows-defender/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2018/05/windows-10-crash-410×231.jpg” title=”MALWARE ALERT: Microsoft Just Broke Windows Defender” excerpt=”Microsoft has been a leader in software development for decades but what it’s also really good at is releasing borked updates. The latest is a real doozy and some users are reporting Windows Defender is cooked now too which was just confirmed by Microsoft. Here’s what you can do to fix it.”]