26 October 2020

Emotet switches to new template, urges users to update Microsoft Word



Malicious actors behind the infamous Emotet malware have started to employ a new template disguised as a Microsoft Office message urging users to update Microsoft Word to add a new feature, Bleeping Computer reports.

The Emotet malware, which is considered one of the most prevalent threats out there, usually spreads via spam messages containing Word documents with malicious macros, which, when enabled, will download and install Emotet on the victim’s computer. Once the malware is installed, Emotet will use the machine to send spam emails and ultimately install other malware.

To trick users into opening the email attachment and enabling the malicious macros, Emotet uses a variety of templates designed to look like invoices, shipping notices, resumes, purchase orders, or information related to the ongoing COVID-19 pandemic. The spam messages come with malicious Word (.doc) attachments or include links to download the bait document.

Recently, Emotet has switched to a new template that pretends to be a Microsoft Office message prompting the recipient to update Microsoft Word in order to add a new feature. To do this, users are urged to click the Enable Editing button and then the Enable Content button, which causes the malicious macros to execute. Once the macros are enabled, the Emotet malware is downloaded and installed into the victim’s %LocalAppData% folder.

The Emotet malware has been active since at least 2014. The Emotet botnet is deemed particularly dangerous as it is used to deliver a variety of malware, including the Trickbot and QBot trojans designed to steal stored passwords, bank information and other data from victims’ machines.

Last week, Microsoft announced it took down 120 of the 128 servers identified as Trickbot infrastructure around the world.
