Emotet comes with a new template of phishing pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature.
Upon installing the malware, Emotet will download additional payloads on the machine, including ransomware, and use it to send spam emails.
The botnet is operated by a threat actor tracked as TA542. Recent campaigns tricked with malicious word doc’s with Covid themed info
Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.
In a recent campaign ,the attackers are using multiple lures, including invoices, purchase orders, shipping information, COVID-19 information.
The spam messages come with malicious Word (.doc) attachments or include links to download the bait document.
“Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.”. reported researchers
Below the messages displayed to the recipient to trick him into opening enabling the macros.
Upgrade your edition of Microsoft Word
Please click Enable Editing and then click
Upon enabling the macros, the Emotet malware is downloaded and installed into the victim’s %LocalAppData% folder
Users should be educated aware about the legitimate and Phishing mails. Proper defence in depth strategy to get escaped from these anomalies