Authorities plan for mass-uninstall of Emotet on April 25th 2021

Devices infected with Emotet are scheduled to be cleaned up on April 25th after law enforcement seized control of the Internet’s most dangerous and prolific botnet.

In January 2021, law enforcement agencies around the globe – after an extensive cyber investigation – took action and seized much of the infrastructure behind the notorious Emotet botnet, including “command and control” servers used to push malware onto infected devices. We previously discussed it here.

Emotet is a botnet. This means it is focussed on infecting devices with its “backdoor” malware, and keeping control over those infected devices (known as zombie devices). The crooks behind Emotet would then hire out this illegal access to other criminals, who would use their “hired” access to do things such as install further malware, or use infected devices as part of massive spam email campaigns, DDoS attacks or click fraud attacks.

A device infected with Emotet would regularly contact the command and control servers for instructions on what to do next. But now infected devices are being redirected to servers belonging to law enforcement, meaning the Emotet malware is effectively lying dormant.






But it’s still lying there nonetheless, on millions of infected devices, almost certainly without the owners of those devices being aware of its existence.

But law enforcement, capitalizing on their control of the Emotet botnet, is in the process of pushing an uninstallation update onto infected devices. The uninstallation update will act like a time bomb, activating on April 25th 2021 at noon, and removing Emotet on all infected devices once and for all. The uninstallation update is, according to reports, being pushed onto infected devices by Germany’s BKA.

Why April 25th?

This is likely to give law enforcement time to analyse the extensive and complex network of infected devices, and to collect information on how Emotet worked and how it delivered payloads to different parts of the network of infected devices that it controlled. This will be much harder to do once Emotet is deleted.

And on April 25th 2021, millions of devices will finally rid themselves of the Emotet malware. While this is no guarantee that this will be the last we’ve heard of the Emotet botnet, it’s still a substantial win for the good guys.


