A Vigilante is Sabotaging the Emotet Botnet by Replacing Malware Payloads with GIFs

by Fnord666 from SoylentNews on (#564VR)

upstart writes in with an IRC submission for RandomFactor:

The Hero We Need.

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs:

An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.

The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation.

According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet's payload downloads.

[...] According to Cryptolaemus member Joseph Roosen, the Emotet gang is more than aware of this issue. In a conversation yesterday, Roosen told ZDNet the Emotet botnet has been down on Thursday, as the Emotet gang apparently tried to root out the attacker from their web shells network.

Despite Emotet's efforts, Roosen said that today, the vigilante was still present and replacing Emotet payloads with GIF files, albeit the Emotet gang was quicker than before at spotting the "replacement" and restoring the original payload.

Overall, the defacements appear to have caused Emotet activity to seriously go down this week.
