Swiss information security body warns of wave of “Emotet” banking trojan malware

Maria Nikolova

“Emotet/Heodo” usually infects the targeted computers via Word files in emails.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today posted a notice regarding malware that is increasingly targeting potential victims.

MELANI says it has observed a wave of infections with the “Emotet / Heodo” malware. Emotet is a banking trojan that obtains financial information from the affected machine.

According to the Centre, criminals are sending emails with infected attachments (typically, a Word document). MELANI advises against opening documents in emails from suspicious sources. However, these emails often mimic known sources. As a rule of thumb, in case of doubt one should call the sender to verify that the email is genuine.

Once “Emotet” is installed, it may download ransomware onto the affected machine.

In the event of an infection, MELANI recommends that you immediately disconnect the computer from all networks. It is essential that the system then be reinstalled and that all passwords be changed.

After cleaning the computer, the backup data (if available) can then be restored. If no data backup is available, it is advisable to retain and save the encrypted data so that it can be decrypted at some later date if a solution is found.

In all cases, MELANI recommends bringing the incident to the attention of the Cybercrime Coordination Unit Switzerland (CYCO) and reporting the case to the local police.

MELANI advises against paying a ransom because this will only strengthen the criminal infrastructure and thereby allow criminals to blackmail other victims. In addition, there is no guarantee that the key for decryption will be provided.

According to MELANI's latest malware statistics, those for the second half of 2018, Retefe continues to be one of the most significant banking Trojans in Switzerland. The malware is sent by email on behalf of well-known companies or institutions and targets both Windows and macOS systems. The email attachments usually contain a malicious Word document, e.g. a purported invoice from an online shop, a delivery confirmation from a parcel supplier or information from the Federal Administration on contaminated drinking water.
