Emotet - BSI warning against malware (also for Mac computers)

The Federal Office for Information Security (BSI) is currently providing information on its Citizen website on the subject of "Emotet". This is malware that gets onto the computer via email. The procedure is particularly tricky: the Emotet senders use the contacts found in the e-mail accounts of infected systems and then send e-mails to their victims, who in turn think that the messages from friends, acquaintances, Colleagues or other existing contacts. Details and the possibility that, in addition to a Windows PC, the Apple Mac can also be affected, I present to you here.

Emotet - that's the name of the malware, viruses,

Trojans and ransomware can bring from the boarding school to PC and Mac. Details about the Emotet warning can be found here." width="1024″ height="484″ /> Emotet – that's the name of the malware that contains viruses, Trojans and Ransomware from boarding school to PC and Mac. Details on the Emotet warning can be found here.

BSI warning of fake emails and Emotet

The German Federal Office for Information Security advises caution on the above-linked page on the subject of Emotet. Since the e-mails in which the Trojan horse software is hiding appear authentic due to the correct salutation, a known sender and familiar greetings, many of those affected would carelessly open the attached files or links. Once that has happened, the recipient opens the door to various other infections. So it says in the contribution of the BSI:

Once the computer is infected, Emotet reloads additional malware, such as the banking Trojan Trickbot. These malicious programs lead to data leakage or give the criminals complete control over the system. In several cases known to the BSI, this resulted in major production downtimes because entire company networks had to be rebuilt. For private users, an infection can mean the loss of data, especially important access data.

Patch, fix and antivirus software

For prophylaxis, the office has issued a list of measures that should be followed and observed. Among other things, it says that updates for the operating system and apps should be downloaded promptly - i.e. for Windows, macOS, programs such as Word, Excel and e-mail clients such as Thunderbird, Mail, Outlook, etc. Web browsers should also be kept up-to-date . In addition to anti-virus software, regular backups are also recommended so that lost data can be restored in the event of an infection.

I will soon be addressing the topic of antivirus software again explicitly in another post, but I would NOT install any antivirus software on the Mac at this point, as it often creates security holes that you would not have without it. In addition, Apple usually deletes such malicious codes from the system itself with small security updates when malware actually makes the rounds on Macs.

And last but not least, of course, the most important but also the most logical advice from the BSI: Only open file attachments and links from emails if you are sure that they do not contain any danger. If necessary, ask the apparent sender whether anything was sent at all: 

In the case of a suspicious e-mail, you should call the sender in case of doubt and inquire about the credibility of the content.

What if I am already affected by Emotet?

With regard to your own computer, it is advisable to set it up completely from scratch. This means that the hard drive is erased (“flattened”) and the operating system is reloaded. With such an all-round reinstallation, data and apps are of course lost, which in turn leads to the backup mentioned above.

In addition, you should inform all e-mail contacts that your own mailing system is affected and that attachments or links should only be opened after consultation. Also important: change all access data (at least the passwords) of the affected services and systems. This applies, among other things, to the passwords that were saved in the browser (Chrome, Safari, etc.) for page access, banking and the like.

How exactly does Emotet get on the computer?

But what exactly happens when files are opened so that the malware can find its way? That puts, among other things, heise in this post Briefly explained: The e-mail attachments are mostly Office files, for example Word or Excel documents.

These contain so-called macros, i.e. automated chains of commands which, in the conventional sense, relieve the user of work and B. Adjust layouts or fill tables. However, modified accordingly, they also act outside the Microsoft Office app and access the Internet, for example, to compare or download data. And that's exactly where the crux of the matter lies - viruses, Trojans, and maybe even viruses are created by macros Ransomware downloaded.

Here you can see a screenshot of a Word file with a macro virus attached. When you open it, the Mac asks whether you want to run or activate the macros. Such files and emails should be deleted immediately.

Here you can see a screenshot of a Word file with a macro virus attached. When you open it, the Mac asks whether you want to run or activate the macros. Such files and emails should be deleted immediately.

Own case: Macro request on the Apple Mac

Most Emotet reports and help articles are aimed at Microsoft Windows PC users. However, the MS Office software can also be used under macOS. I myself recently received an e-mail with a Word document as an attachment and when opening it on the Apple Mac I was asked whether I would like to activate macros (which is actually always deactivated by default).

Of course I clicked "No" - but if you don't know what macros are, you could not suspect anything bad and click "Yes". That would open the gateway. So in order to minimize the risk to the system, hard drive content, access data and contacts, you should first ask on any computer whether the sender really sent something and, if in doubt, do not run any foreign macros.

Do you have any tips, hints or descriptions of your own case? Then please leave a comment on Emotet. 

-
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

4 comments

  1. Julia says:

    Hello Sir Apfelot,

    now I fell for the hundredth email and opened the attachment on my Mac. If you click "Disable macros", has Emotet been blocked safely and 100%? Thanks and best regards, Julia

  2. GM says:

    My win-Fechner was attacked by goodkit. The Mac is on the same fritzbox. Can gootkit infect the mac with emotet via the network?

    • Jen Kleinholz says:

      Hello GM! I do not think so. To do this, the Mac would have to be in the network with write permissions and not require a password if someone wants to change their data. I think that's rather out of the question. I don't even know how to set it up so "openly". : D

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * marked