Emotet Strikes Back: Malware Loader Returns as a OneNote Email Attachment

Emotet, a loader that frequently precedes ransomware deployments, returns as a OneNote email attachment

Emotet: Notorious Malware Returns

Emotet is making headlines again: the cybercriminals behind the malware are looking for victims once more. Cofense, an IT security research company, first observed Emotet becoming active again earlier this month.

Gateway for Emotet: Malicious Email Attachment

Malicious emails are being sent with unencrypted ZIP files attached. The emails appear to be replies to existing email threads, typically about finances and bills. The ZIP files do not require a password to unpack and contain Office documents with malicious macros. To run the macro, the recipient has to click “Enable Content.” Once the macro runs, it downloads the Emotet payload as a .dll file.
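The attachment described above is inspectable at the gateway precisely because the ZIP is not password-protected. The following script is an added example, not code from the article or from Cofense: it opens an attachment ZIP, flags any entry that is encrypted (uninspectable), and reports Office documents that carry a VBA project. The sample attachment is constructed inline (a .docm with a placeholder vbaProject.bin part, not a real macro) so that it runs offline.

```python
"""Triage a ZIP e-mail attachment for macro-bearing Office documents.

Added example; it implements the check a mail gateway or analyst would run on
the attachment type described above.  The sample ZIP is constructed inline.
"""
import io
import zipfile

# OOXML containers that may carry a VBA project (the macro-enabled ones, plus
# the non-"m" variants, which Office refuses to run macros from but which are
# still worth reporting if a vbaProject.bin part is present).
OOXML_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm",
                    ".docx", ".xlsx", ".pptx")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls compound-file header


def ooxml_has_vba(data: bytes) -> bool:
    """An OOXML document is itself a ZIP; VBA code lives in a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(name.lower().endswith("vbaproject.bin") for name in doc.namelist())
    except zipfile.BadZipFile:
        return False


def triage_zip_attachment(blob: bytes) -> dict:
    """Return findings: whether any entry is encrypted, and which members carry macros."""
    findings = {"encrypted": False, "macro_members": [], "ole_members": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as outer:
        for info in outer.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag = encrypted entry
                findings["encrypted"] = True
                continue  # cannot inspect the member without the password
            member = outer.read(info.filename)
            lower = info.filename.lower()
            if lower.endswith(OOXML_EXTENSIONS) and ooxml_has_vba(member):
                findings["macro_members"].append(info.filename)
            elif member.startswith(OLE_MAGIC):
                # Legacy binary Office file: macros would sit in an OLE stream,
                # so hand it to a dedicated parser (e.g. olevba) for deeper inspection.
                findings["ole_members"].append(info.filename)
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample: a password-less ZIP holding a .docm with a vbaProject.bin part.
    The macro part is a placeholder byte string, not a real VBA project."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/document.xml", "<w:document/>")
        doc.writestr("word/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_2023.docm", docm.getvalue())  # hypothetical file name
        z.writestr("readme.txt", "see attached invoice")
    return outer.getvalue()


if __name__ == "__main__":
    print(triage_zip_attachment(build_sample_attachment()))
```

The presence of a vbaProject.bin part only proves a VBA project exists, not that it is malicious; the point of the check is that a reply-style finance email carrying a macro-enabled document inside a ZIP is exactly the shape of this campaign and deserves a block or a detonation, not an “Enable Content” click.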

OneNote File Attachments to Bypass Hurdles and Restrictions

Emotet’s operators are now using OneNote file attachments to get around those restrictions. Malwarebytes, a security company, reported that OneNote attachments make for simple and effective social engineering. The attached notebook shows a fake notice that the document is protected, with a “View” button. The button is only an image laid over an embedded file object, so when the victim double-clicks it, the click lands on the hidden attachment and OneNote launches the embedded script, which downloads the Emotet payload from the web as a .dll file.
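Because the lure relies on a file object embedded in the notebook, an analyst can triage a suspicious .one attachment by carving out its embedded files before anyone clicks anything. The script below is an added example, not code from the article or from Malwarebytes. It walks the byte stream for the FileDataStoreObject layout documented in Microsoft’s MS-ONESTORE specification (16-byte header GUID, 8-byte length, 4 unused and 8 reserved bytes, the raw file, padding to 8 bytes, 16-byte footer GUID) and sniffs each carved payload for script or executable markers. The .one sample and the embedded VBScript stand-in are constructed inline and inert; the marker list is an assumption for illustration, not a signature set from any vendor.

```python
"""Carve embedded file objects out of a OneNote (.one) attachment.

Added example.  Uses the FileDataStoreObject layout from MS-ONESTORE; the
sample notebook bytes are constructed inline, not a real Emotet document.
"""
import re
import struct
import uuid

# Header {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and footer
# {71FBA722-0F79-4A0B-BB13-899256426B24} of a FileDataStoreObject, as stored
# on disk (mixed-endian GUID encoding, hence bytes_le).
FILE_DATA_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FILE_DATA_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
HEADER_STRUCT = struct.Struct("<16sQ4s8s")  # guidHeader, cbLength, unused, reserved = 36 bytes

# Illustrative content markers (assumption, not a vendor signature set).  A script
# dropper is what the fake "View" button launches in the campaign described above.
SCRIPT_MARKERS = {
    "vbs/wsf": re.compile(rb"(?i)\b(WScript|CreateObject|Shell\.Application)\b"),
    "hta": re.compile(rb"(?i)<hta:application|<script"),
    "batch/cmd": re.compile(rb"(?i)\b(powershell|cmd\.exe|rundll32)\b"),
    "pe": re.compile(rb"^MZ"),
}


def carve_embedded_files(one_blob: bytes) -> list:
    """Return one dict per embedded file object: offset, size, payload and matched markers."""
    found = []
    pos = one_blob.find(FILE_DATA_HEADER)
    while pos != -1:
        _guid, length, _unused, _reserved = HEADER_STRUCT.unpack_from(one_blob, pos)
        start = pos + HEADER_STRUCT.size
        payload = one_blob[start:start + length]
        if len(payload) != length:  # truncated object: stop rather than misparse
            break
        kinds = [name for name, rx in SCRIPT_MARKERS.items() if rx.search(payload)]
        found.append({"offset": pos, "size": length, "payload": payload, "kinds": kinds})
        pos = one_blob.find(FILE_DATA_HEADER, start + length)
    return found


def build_sample_one(embedded: bytes) -> bytes:
    """Constructed .one-like stream: filler, one FileDataStoreObject, filler."""
    padding = (8 - len(embedded) % 8) % 8  # FileData is padded to an 8-byte boundary
    obj = HEADER_STRUCT.pack(FILE_DATA_HEADER, len(embedded), b"\0" * 4, b"\0" * 8)
    return b"\0" * 64 + obj + embedded + b"\0" * padding + FILE_DATA_FOOTER + b"\0" * 64


# Constructed, inert stand-in for the embedded dropper: it only references
# WScript so the marker fires.  No download URL, no real payload.
SAMPLE_SCRIPT = b'Set sh = CreateObject("WScript.Shell")\r\nWScript.Echo "placeholder"\r\n'
SAMPLE_ONE = build_sample_one(SAMPLE_SCRIPT)


if __name__ == "__main__":
    for item in carve_embedded_files(SAMPLE_ONE):
        print(f"embedded object at 0x{item['offset']:x}, "
              f"{item['size']} bytes, markers: {item['kinds']}")
```

The carver deliberately ignores the surrounding notebook structure and scans for the object GUIDs directly, which is enough for triage and also catches objects in damaged or deliberately malformed files; for a full walk of the notebook’s object tree, a dedicated tool such as Didier Stevens’s onedump.py is the better choice. Any carved payload that matches a script or PE marker should be treated as the real attachment, whatever the notebook’s “protected document” page claims.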

Microsoft has acknowledged the abuse of OneNote attachments for phishing and says it is working on better protection against it.

Emotet: One of the Most Dangerous Malware Pieces

Emotet first appeared in 2014 as a banking Trojan and has since grown into a malware loader. Once it runs, it can fetch and install other Trojans, spread deep into the network, and set up backdoors; access to infected networks has repeatedly been handed on to ransomware crews. Its operators typically rely on well-crafted fraudulent emails to trick victims into running the malware.

An international law-enforcement operation dealt a significant blow to the infrastructure behind Emotet in early 2021, but the malware has reappeared on the scene at irregular intervals since.
