Kenya’s Communication Authority issues an alert on detection of Emotet trojan

• The National KE-CIRT/CC has so far detected 11 instances where Emotet was used for performing attacks on local organizations.
• The trojan is primarily disseminated through malicious email attachments.

The Communication Authority of Kenya (CA) has warned the residents of Kenya of an advanced, destructive banking malware targeting network systems. The malware is named as ‘Emotet’ and has been impacting several significant local firms.

Propagation

The National Computer Incident Response Team Coordination Centre(National KE-CIRT/CC) has so far detected 11 instances where Emotet was used for performing attacks on local organizations.

According to General Tom Olwero, CA director, the malware is primarily disseminated through malicious email attachments. In other cases, the malware is distributed through links posing as invoices, payment notification and bank account alerts.

"Emotet is notorious for its modular architecture, persistence techniques, and worm-like self-propagation that rapidly spread network-wide infection," Olwero said, The Star reported.

Once installed, the infamous trojan tries to establish persistence on affected systems and propagates rapidly into the networks.

Impact

The malware poses a great threat for Kenyan firms as it can result in temporary or permanent loss of sensitive data and files that are important for a company. It can also damage the reputation of an organization.

Commenting on the capabilities of the trojan, Olwero said, “It can evade typical signature-based detection and has several methods for maintaining persistence, including auto-start registry keys and services,” The Standard reported.

Mitigation

Both public and private firms are advised to immediately scan and isolate the infected computers from the network. They should then clean and repair the affected systems. It is also necessary to install good security software to combat such malware.