Authorities plan for mass-uninstall of Emotet on April 25th 2021

Devices infected with Emotet are scheduled to be cleaned up on April 25th after law enforcement seized control of the Internet’s most dangerous and prolific botnet.

In January 2021, law enforcement agencies around the globe – after an extensive cyber investigation – took action and seized much of the infrastructure behind the notorious Emotet botnet, including “command and control” servers used to push malware onto infected devices. We previously discussed it here.

Emotet is a botnet. This means it is focussed on infecting devices with its “backdoor” malware and keeping control over those infected devices (known as zombie devices). The crooks behind Emotet would then hire out this illegal access to other criminals, who would use their “hired” access to do things such as installing further malware, using infected devices as part of massive spam email campaigns, launching DDoS attacks or carrying out click fraud.

A device infected with Emotet would regularly contact the command and control servers for instructions on what to do next. But now infected devices are being redirected to servers belonging to law enforcement, meaning the Emotet malware is effectively lying dormant.

But it is still lying there nonetheless, on millions of infected devices, almost certainly without the owners of those devices being aware of its existence.

But law enforcement, capitalizing on their control of the Emotet botnet, is in the process of pushing an uninstallation update onto infected devices. The uninstallation update will act like a time bomb, activating on April 25th 2021 at noon, and removing Emotet on all infected devices once and for all. The uninstallation update is, according to reports, being pushed onto infected devices by Germany’s BKA.

Why April 25th?

The delay likely gives law enforcement time to analyse the extensive and complex network of infected devices, and to collect information on how Emotet worked and how it delivered payloads to different parts of the network it controlled. This will be much harder to do once Emotet is deleted.

And on April 25th 2021, millions of devices will finally be rid of the Emotet malware. While there is no guarantee that this will be the last we’ve heard of the Emotet botnet, it’s still a substantial win for the good guys.