Malware distribution network Emotet has been hacked by a potential threat actor of unknown origin, who replaced its malware with humorous GIFs. As a result, instead of being hit with malware, users who click on malicious links from Emotet spam have been seeing images of James Franco and others such as “Hackerman” from the 2015 film “Kung Fury.” Members of “Cryptolaemus,” an informal group of security researchers who track Emotet, noted on Twitter last Friday that Emotet activity had suddenly declined and that the “Hackerman” GIF was loading instead of malware in around 25% of the cases. While this may seem a benign prank, it does raise concerns that Emotet's large-scale distribution could in future be intercepted and its payloads replaced with ones that are less detectable.
Hacking hackers, especially in such a rare and spectacular fashion, is a way of mitigating the huge threat posed to many people and organisations – but it doesn’t come without added risk. Even if this is a benign prank, it must be noted that those involved may be starting a cyber battle with very prominent threat actors. If there are any remnants left behind, they could be making targets of themselves, which is not advised. Although this is potentially for the greater good, there are other, safer ways to reduce the constant barrage of attacks from malware distribution networks.