New service checks if your email has been used in Emotet attacks


Level 51
Content Creator
Apr 24, 2016
A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign.

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. When opened and macros are enabled, it will install the Emotet trojan on a victim's computer.

When infected, Emotet will steal a victim's email and transmit it back to servers under the attacker's control. These emails will then be used as part of future spamming campaigns to make the malicious spam look legitimate.

Over time, the Emotet trojan will download and install other malware such as TrickBot and QakBot on an infected user's computer. These trojans are known to lead to ransomware attacks by the operators of Ryuk, Conti, and ProLock.

New service checks if Emotet uses your email
Today, Italian cybersecurity company TG Soft launched a new service launched called Have I Been Emotet that allows you to check if a domain or email address was used as a sender or recipient in Emotet spam campaigns.

TG Soft has told BleepingComputer that their database consists of monitored outgoing emails generated by Emotet between August and September 23rd, 2020.

During this period, they have collected over 2.1 million email addresses from around 700,000 outgoing emails.

To use the service, you can enter a domain or email address, and it will let you know how many times it was used.

To use the service, you can just enter a domain or email address, and it will let you know how many times the email address or domain was used as the sender of an email or the recipient.

When returning the search result, Have I Been Emotet will provide the following information:
  • REAL SENDER: Indicates that the computer using this email account has been compromised and used to send spam emails.
  • FAKE SENDER: Indicates that your mail was stolen and used in spam campaigns.
  • RECIPIENT: Indicates that you were the recipient of an Emotet spam email.
Read the full article here at Bleeping Computer: