Malicious actors behind the infamous Emotet malware have started to employ a new template disguised as a Microsoft Office message urging users to update Microsoft Word to add a new feature, Bleeping Computer reports.
The Emotet malware, which is considered one of the most prevalent threats out there, usually spreads via spam messages containing Word documents with malicious macros, which, when enabled, will download and install Emotet on the victim’s computer. Once the malware is installed, Emotet will use the machine to send spam emails and ultimately install other malware.
To trick users into opening the email attachment and enabling the malicious macros, Emotet uses a variety of templates designed to look like invoices, shipping notices, resumes, purchase orders, or information related to the ongoing COVID-19 pandemic. The spam messages come with malicious Word (.doc) attachments or include links to download the bait document.
Recently, Emotet has switched to a new template that pretends to be a Microsoft Office message prompting the recipient to update Microsoft Word in order to add a new feature. To do this, users are urged to click the Enable Editing button and then the Enable Content button, which causes the malicious macros to execute. Once the macros are enabled, the Emotet malware is downloaded and installed into the victim’s %LocalAppData% folder.
The Emotet malware has been active since at least 2014. The Emotet botnet is deemed particularly dangerous as it is used to deliver a variety of malware, including the Trickbot and QBot trojans designed to steal stored passwords, bank information and other data from victims’ machines.
Last week, Microsoft announced it took down 120 of the 128 servers identified as Trickbot infrastructure around the world.