Swiss information security body warns of wave of “Emotet” banking trojan malware

Maria Nikolova

“Emotet/Heodo” usually infects the targeted computers via Word files in emails.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today posted a notice regarding malware that is increasingly targeting potential victims.

MELANI says it has observed a wave of infections with the “Emotet / Heodo” malware. Emotet is a banking trojan that harvests financial information from the infected machine.

According to the Centre, criminals are sending emails with infected attachments (typically, a Word document). MELANI advises not to open the documents in emails from suspicious sources. However, these emails often mimic known sources. The rule of thumb is that in case of doubt one should call the sender to verify the email is a genuine one.

Once “Emotet” is installed, it may download ransomware on the affected machine.

In the event of an infection, MELANI recommends immediately disconnecting the computer from all networks. The system must then be reinstalled and all passwords changed.

After cleaning the computer, the backup data (if available) can then be restored. If no backup is available, it is advisable to retain the encrypted data and keep it safe, in case a decryption solution becomes available at a later date.

In all cases, MELANI recommends bringing the incident to the attention of the Cybercrime Coordination Unit Switzerland (CYCO) and reporting the case to the local police.

MELANI advises against paying a ransom because this will only strengthen the criminal infrastructure and thereby allow criminals to blackmail other victims. In addition, there is no guarantee that the key for decryption will be provided.

According to the latest malware statistics from MELANI, covering the second half of 2018, Retefe continues to be one of the most significant banking trojans in Switzerland. The malware is sent by email on behalf of well-known companies or institutions and targets both Windows and macOS systems. The email attachments usually contain a malicious Word document, e.g. a purported invoice from an online shop, a delivery confirmation from a parcel carrier or information from the Federal Administration on contaminated drinking water.
