This week, researchers observed Emotet attacks using a new template that pretends to be a Microsoft Office message urging the recipient to update Microsoft Word to add a new feature.
Emotet spam messages use document templates to trick victims into enabling macros, which starts the infection.
Once the malware is installed, Emotet downloads additional payloads onto the machine, including ransomware, and uses the machine to send spam emails.
Active since at least 2014, the botnet is run by a threat actor tracked as TA542. In mid-August, the malware was used in a fresh COVID-19-themed spam campaign.
Recent spam campaigns used messages with malicious Word documents, or links to them, posing as invoices, delivery information, COVID-19 information, resumes, financial documents, or scanned documents.
The notorious banking trojan is also used to deliver other malicious code, such as the TrickBot and QBot trojans, or ransomware such as Conti (TrickBot) or ProLock (QBot).
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.
During that time, the agency’s EINSTEIN Intrusion Detection System has recorded roughly 16,000 alerts related to Emotet activity.
In a new campaign observed on October 14th, the attackers are using multiple lures, including invoices, purchase orders, shipping information, COVID-19 information, and information about President Trump’s health.
“Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature,” it was reported.
“Due to this, it is important that all email users recognize malicious document templates used by Emotet so that you do not accidentally become infected,” concludes BleepingComputer.