Check: Has my email address been hijacked by the Emotet malware?

The Emotet malware (Trojan and ransomware) has been quite successful and has collected millions of email addresses and access data on compromised systems. On April 25, 2021, the Emotet malware was automatically removed from Windows machines. Now the FBI has handed over 4 million email addresses that it logged during the seizure to the website Have I Been Pwned. There you can check whether your addresses are compromised.


Troy Hunt, the operator of the website Have I Been Pwned (HIBP for short), announced on Twitter this week that the FBI had provided him with a total of 4 million email addresses for HIBP. The goal was to inform the public and victims about the possible compromise.

Have I Been Pwned and Emotet

Of the 4,324,770 email addresses provided, originating from various countries, 39% were already known and included in the HIBP database.

  • The email addresses, along with login credentials, were stored by Emotet for sending spam through the victims' mail providers.
  • Furthermore, Emotet collected web credentials that victims had stored in their browsers to speed up subsequent logins.

Troy Hunt has integrated all the data into his Have I Been Pwned page so that potential victims can check whether they have been affected. Normally, after you enter an email address, the site shows whether it is known from a data leak. In the current case, however, Troy Hunt has classified the dataset as a "sensitive breach". Only the owner of an email address is told, by mail, whether the address was collected by Emotet. To do this, the owner must enter the email address on the notify me page. There is also an option for a domain search (see screenshot below), which allows admins in enterprises to check whether a mail domain has been compromised.

Notify me on Have I Been Pwned


Owners of affected e-mail accounts are then notified via this e-mail address that their access data had been tapped by Emotet. The German site heise reports that the website of the Dutch police also offers such a service. In cooperation with the FBI, the following recommendations were created for those who find themselves in this data collection:

  • Keep security software such as antivirus programs up to date with current definitions. Keep operating systems and software patched.
  • Change your email account password. Also change passwords and security questions for any accounts you have saved either in your inbox or in your browser, especially sensitive online accounts (e.g., for bank accounts).

Administrators with affected users should use the YARA rules published by DFN Cert, which also include the rules published by the German BKA, writes Hunt.

In addition, it is recommended to use different credentials for the various online accounts (i.e., never use the same password). Whether to store these in a password manager, because you can't remember the strong and unique passwords, is something everyone must decide for themselves (there have been too many data leaks and hacks from this area – I keep a paper list). The other recommendation: turn on 2-factor authentication, if available (although that's not a panacea).

Emotet is a family of computer malware in the form of macro viruses that infect recipients with Trojans via the attachment of very genuine-looking emails. When a recipient opens the attachment of the email, modules with malicious functions are downloaded and executed. The Emotet group has been responsible for numerous successful ransomware attacks against companies, government agencies and institutions worldwide. Emotet was considered the most dangerous malware in the world at the time and has infected a high number of corporate, government and institutional IT systems, in addition to the computers of hundreds of thousands of individuals. After Emotet's C&C servers were seized in January 2021, the malware was removed from all infected Windows machines on April 25, 2021 (see Emotet Malware has been automatically uninstalled on April 25, 2021). More details may be found in the articles linked below.

Similar articles:
EmoCrash protectet systems for 6 months against emotet-infections
Cryptolaemus and the fight against Emotet
Microsoft warns of massive Emotet campaign
Warning about a new Emotet-Ransomeware campaign (Sept. 2020)
Emotet Trojan can overload computers on the network
Emotet C&C servers deliver new malware
FAQ: Responding to an Emotet infection
Emotet malware comes as a supposed Word update
New Emotet Campaign during the Holidays 2020
German BKA initiate a takedown of Emotet malware infrastructure
Emotet reportedly uninstalls itself on April 25, 2021
Details of Emotet uninstallation by law enforcement officials
Emotet Malware has been automatically uninstalled on April 25, 2021