A malware botnet that was used by cybercriminals to infiltrate thousands of companies and millions of computers worldwide has been taken down in an international operation.

The operation, which was co-ordinated by Europol and Eurojust, led to raids on property and its operators being taken down in Ukraine this week. It follows law enforcement agencies across Europe and North America spending nearly two years mapping the infrastructure of the botnet.

Emotet is malware that not only infects computers but also allows other malware to gain access and damage networks. This has led to Europol branding Emotet ‘the world’s most dangerous malware”

Once the malware had “opened the door” to a computer system, criminals would sell the access to other criminal groups so they could carry out data theft and ransomware extortion, said Europol.

A Europol spokesperson said: “The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale.”

The Emotet malware was delivered to computers via infected email attachments.

“A variety of different lures were used to trick unsuspecting users into opening these malicious attachments,” said Europol. “In the past, EMOTET email campaigns have also been presented as invoices, shipping notices and information about COVID-19.

“All these emails contained malicious Word documents, either attached to the email itself or downloadable by clicking on a link within the email itself. Once a user opened one of these documents, they could be prompted to “enable macros” so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim’s computer.”

Law enforcement agencies law enforcement and judicial authorities gained control of the infrastructure and took it ‘down from the inside’.

“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.  This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime”.

This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine.