Emotet malware mass-uninstalled from infected devices worldwide

Emotet malware mass-uninstalled from infected devices worldwide

Emotet, one of the most dangerous malware on the threat landscape, was wiped from thousands of computers this week as part of an operation carried out by European law enforcement.

In January, Europol announced that the authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine took control over the Emotet’s infrastructure and redirected infected computers towards the law enforcement-controlled infrastructure.

The Ukrainian police's Cyberpolice Department also arrested two individuals suspected to have been involved in the botnet's infrastructure maintenance. According to the Ukraininan police, the suspects used the malware to compromise servers of private businesses and government organizations in Europe and the US. As a result of these activities, banks and financial institutions suffered $2.5 billion in losses.

As part of efforts aimed at disrupting Emotet’s operation law enforcement pushed a new Emotet module in the form of a 32-bit EmotetLoader.dll to all infected systems that instructed the malware to self-destruct on Sunday, April 25.

Earlier this month, the FBI conducted a successful operation in which it removed web shells from hundreds of hacked Microsoft Exchange servers.

Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025