What is Emotet malware & how to remove it on Mac?

Emotet is the name given to a Trojan horse first discovered by security researchers in 2014. It was originally designed as a banking Trojan — one that, once installed on a computer, tries to steal sensitive data, such as login details for online banking websites.

What is Emotet?

It’s a type of malware known as a banking Trojan that has evolved in the years since it was first discovered and now does more than just try to steal sensitive data. It has added spamming and malware delivery to its arsenal, making it a particularly dangerous piece of malware.

Did you know: 

Emotet is so destructive that the US Department of Homeland Security estimated that it cost more than $1m per incident to clean up.

As well as having a nasty payload, Emotet uses the same techniques as worm viruses to spread quickly. It has developed methods for evading detection, such as the ability to identify whether it’s running in the kind of sandbox (safe, controlled space) that security researchers use to monitor malware. If it detects that it’s running in a sandbox, it will lie dormant.

How does Emotet spread?

The primary distribution method is email spam. Emails pretending to come from a shipping, online shopping site, or business client arrive in users’ inboxes carrying a document with a malicious macro, a script, or sometimes a link. Macro documents and scripts immediately contact a central server to download the malware when they are opened.

Emotet also trawls through the users’ lists of contacts and spams them with emails that look like they have come from the hacked user. Emotet also uses lists of common passwords to mount brute-force attacks on servers to which the original computer is connected.

What damage does Emotet do?

Originally, Emotet was only interested in ransacking your computer for sensitive data like banking passwords. However, it now does much more than that, including spreading ransomware and other forms of malware. For example, according to Gizmodo, a ransomware attack on Lake City, Florida, triggered by Emotet, cost the town nearly half a million dollars in ransom payouts. Emotet also has a money transfer system and modules designed to attack German, Austrian, and Swiss banks.

In September 2019, a botnet started spamming Emotet to people in Germany, Poland, Italy, and the UK with emails that had subject lines like ‘Overdue invoice’ and ‘Remittance Advice.’

Image credits: welivesecurity.com

The messages had attachments that comprised a Word document with a malicious macro. When the document was opened, the infected computer connected to compromised WordPress sites and downloaded Emotet.

Signs of Emotet covert activity

If you notice that any online accounts have been compromised or spot unusual activity in your bank account, it may be a sign of Emotet activity on your Mac. Also, if your friends, colleagues, and acquaintances have received spam email that looks like it came from your email address, that could be caused by Emotet.

Who has been hit by Emotet?

Individual users, companies, and government organizations in Europe and the US have been targeted. However, the good news is that for now, at least, Emotet only attacks Windows computers. That doesn’t mean Mac users are safe, of course. Once Emotet has compromised a Windows PC on a network, it can install and spread other malware across the web, which may impact Macs.

How to remove Emotet

As we said above, there is no need to remove Emotet from a Mac, as it doesn’t attack Macs. However, if your Mac has been connected to a network that includes a PC that Emotet has attacked, it may have other malware installed on it. If that’s the case, you should scan your Mac for malware. There are lots of anti-malware apps available for the Mac, but we recommend CleanMyMac X.

The app itself is easy to use and also has a raft of other tools to help keep your Mac free from junk and running smoothly. CleanMyMac X is also notarized by Apple, which means it has reviewed it and found it to be safe enough to get past GateKeeper.

So, how do you scan your Mac for malware using CleanMyMac X?

  1. Install and open CleanMyMac X — download the app for free here.
  2. In the sidebar on the left, choose Malware Removal.
  3. Click Scan.

CleanMyMac X will now scan your Mac and compare what it finds with its huge database of known malware. If it finds a match, it means your Mac is infected. But don’t worry, CleanMyMac X can take care of it. Just click Remove to eliminate the threat. You can also enable real-time protection to make sure no malicious program can sneak into your Mac. Here’s how to do that.

  1. Open CleanMyMac X.
  2. Click on the CleanMyMac X menu and select Settings.
  3. Select the Protection tab.
  4. Select the box next to ‘turn on real-time protection.’

Remember we said earlier that CleanMyMac X can do more than just get rid of malware? Well, one of the other things it can do is clear out email attachments you don’t need. And, given that Emotet and other malware are distributed by email, it’s a good idea to delete attachments once in a while. It will also free up lots of space on your startup disk.

CleanMyMac X - Mail Attachments module
  1. Open CleanMyMac X and choose the Mail attachments module.
  2. Choose the email client to clean up the attachments.

Banking Trojans are designed to steal sensitive data like login details for internet banking websites. And Emotet is a well-known example. First discovered in 2014, it has evolved and now includes the ability to download more malware onto an infected computer and spread via networks, like a worm. Fortunately, at the moment, it only attacks Windows PCs. But Macs on the same network as an infected PC could be hit by other malware. To combat this, we recommend scanning your Mac with CleanMyMac X and cleaning up email attachments regularly.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.