The Communications Authority of Kenya (CA) has raised the alarm over a harmful software that has accessed the confidential information of some Kenyans using online banking and payment systems.
The malware dubbed Emotet has been active globally and has now affected 11 Kenyan institutions in the private sector and academia, which, however, remain unspecified.
Individuals and institutions are vulnerable to Emotet because it poses behind familiar alerts, which seem to have legitimate branding from targeted financial institutions. It is spread through malicious email attachments or links posing as invoices, payment notifications and bank account alerts, among others.
“Emotet may result in temporary or permanent loss of sensitive or proprietary information, disruption to regular business operations, financial losses related to restoration of systems and files as well as the potential harm to an organisation’s reputation,” said CA in a press statement issued on Monday.
Some cybercriminals behind the virus, which harvests sensitive information and spreads fast, ask for ransom as they take over control of the system.
In November last year, Emotet attacked some institutions in the United States, the United Kingdom, Turkey, and South Africa, among other countries.
In July last year, the US Computer Emergency Readiness Team noted in a security warning that Emotet infections had cost state, local, tribal, and territorial governments up to $1 million per incident to resolve.