In August, the Emotet botnet operators began using a new template, named ‘Red Dawn,’ for the malevolent attachments used in new operations.
The Emotet malware returned in July 2020, following a five-month hiatus, and started spewing huge amounts of malicious spam across the globe.
These spam operations pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.
When opened, these attachments prompt the user to click ‘Enable Content’ so that the embedded macros run and install the Emotet malware on the victim’s computer.
To trick the user into allowing the macros, Emotet has been using a document template that informs users that the document was created on iOS and cannot be viewed correctly unless the ‘Enable Content’ button is clicked.
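The lure above only works if the attachment actually carries a VBA project for the user to enable. The following Python script is an added example (not from the original article or any Emotet sample) showing a mail-gateway style check that flags attachments which contain macro code or are legacy OLE binaries that need deeper inspection. The sample documents are constructed in memory with `zipfile`; the part name `word/vbaProject.bin` and the OLE compound-file magic are real OOXML/OLE conventions, while the function names and verdict strings are this example's own.

```python
import io
import zipfile

# Magic bytes of an OLE compound file (legacy .doc/.xls containers).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Every OOXML document is a ZIP archive and starts with the local file header.
ZIP_MAGIC = b"PK\x03\x04"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed test fixture: a minimal OOXML container, optionally with a VBA part.

    Real macro-enabled Word files store their VBA project as word/vbaProject.bin;
    the content placed there is only filler so the detector has something to find.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by container type and presence of a VBA project.

    Returns one of:
      'ooxml-macro'  - ZIP-based Office file that ships a vbaProject.bin part
      'ooxml-clean'  - ZIP-based Office file without a VBA part
      'ole-legacy'   - binary .doc/.xls; macros live in OLE streams, needs a full parser
      'other'        - not an Office container (or a corrupt ZIP)
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = {name.lower() for name in zf.namelist()}
        except zipfile.BadZipFile:
            return "other"
        # Word, Excel and PowerPoint all use <part>/vbaProject.bin for the VBA project.
        if any(name.endswith("vbaproject.bin") for name in names):
            return "ooxml-macro"
        return "ooxml-clean"
    return "other"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy for this example: hold anything with macros or a legacy OLE body.

    A .docx extension is never supposed to carry a VBA project (macro files are .docm),
    so a macro part behind a .docx name is doubly suspicious and is held as well.
    """
    verdict = classify_attachment(data)
    if verdict in ("ooxml-macro", "ole-legacy"):
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: one macro-bearing lure, one clean document, one legacy file.
    samples = {
        "Invoice_0921.docm": build_sample_docx(with_macro=True),
        "Resume.docx": build_sample_docx(with_macro=False),
        "Shipping.doc": OLE_MAGIC + b"\x00" * 512,
    }
    for name, blob in samples.items():
        print(f"{name:20s} {classify_attachment(blob):12s} quarantine={should_quarantine(name, blob)}")
```

The check deliberately does not try to parse the VBA streams themselves; a production gateway would hand `ole-legacy` and `ooxml-macro` verdicts to a full VBA extractor, and would pair this with Office policy that blocks macros in files arriving from the internet, so the ‘Enable Content’ lure has nothing to enable.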
Emotet is thought to be the most widely distributed malware targeting users today. It is also particularly damaging because it installs other dangerous malware, such as TrickBot and QBot, onto a victim’s computer.
While TrickBot and QBot perform different malicious actions, both seek to steal stored passwords, cookies, banking information, and various other data from a victim’s computer.
To worsen the situation, both trojans are known to provide access to threat actors who install ransomware such as Conti (TrickBot) or ProLock (QBot) throughout the network.
Because of this, it is important to identify the malicious document templates used by Emotet so that you do not unintentionally become infected.