Emotet (đź‘ą) . Now asks to update MS Word ! Tricky

Emotet comes with a new template of phishing pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature.

Upon installing the malware, Emotet will download additional payloads on the machine, including ransomware, and use it to send spam emails.

The botnet is operated by a threat actor tracked as TA542. Recent campaigns tricked with malicious word doc’s with Covid themed info

The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.

In a recent campaign ,the attackers are using multiple lures, including invoices, purchase orders, shipping information, COVID-19 information.

The spam messages come with malicious Word (.doc) attachments or include links to download the bait document.

“Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.”. reported researchers

Below the messages displayed to the recipient to trick him into opening enabling the macros.

Upgrade your edition of Microsoft Word
Please click Enable Editing and then click
Enable Content.

Upon enabling the macros, the Emotet malware is downloaded and installed into the victim’s %LocalAppData% folder

Users should be educated aware about the legitimate and Phishing mails. Proper defence in depth strategy to get escaped from these anomalies