A mysterious vigilante is sabotaging one of the world’s most dangerous malware strains

By Joel Khalili
published

Emotet malware payloads replaced with animated GIFs

(Image credit: Shutterstock / Sapann Design)

The vicious Emotet botnet (opens in new tab) has been torpedoed by an unnamed vigilante hacker, who is exploiting weaknesses in the botnet’s infrastructure to sabotage operations.

The saboteur, who is battling with Emotet operators for control, is replacing malware (opens in new tab) payloads with animated GIFs, rendering the botnet effectively impotent.

Reports from Cryptolaemus, a group of researchers dedicated to monitoring Emotet, suggest the vigilante is sabotaging roughly a quarter of malicious downloads associated with the botnet.

Emotet botnet

The Emotet botnet is said to be among the world’s most dangerous malware strains and was revived only last week after a five-month hiatus (opens in new tab), although the relaunch has been marred by the ongoing hack.

The attack on Emotet operations began on July 21 after the individual responsible managed to take control of web shells used to control payloads - and has escalated significantly in the six days since.

At first, the mysterious hacker meddled with only a handful of the botnet’s payloads, replacing malware downloads with comedy GIFs of James Franco, Blink 182 and Hackerman. The intrusion has continued to scale, however, and the vigilante has now reduced the botnet’s potency significantly.

“Since [the Emotet administrator] was having technical difficulties today, the hashes are way down and we barely saw much of anything,” wrote Cryptolaemus researcher Joseph Roosen on July 23.

The Emotet operators are reportedly still unable to eject the intruder from their systems, but have become more adept at spotting tampering and fixing malware payloads.

Although the identity of the mysterious saboteur remains unknown, rumors suggest either a rival cybercriminal syndicate or white hat hacker is responsible.

  • Here's our list of the best antivirus (opens in new tab) services around

Via ZDNet (opens in new tab)

Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

See more Computing news