Emotet Botnet Makes An October Surprise Return With Windows Update Malware Trickery
This month, the Emotet botnet is going trick-or-treating, and it is only interested in the tricks. The malware previously spread through spam campaigns carrying Word or Excel files, and the botnet is now back after a short hiatus. Its current email “spam campaigns pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes, or purchase orders, as shown below.” These emails contain malicious Word documents that load up scripts and ruin your day.
BleepingComputer reports that “With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs to be updated before the document can be viewed.” The message will tell the user to “Enable Editing” and “Enable Content,” at which point Emotet will download malware to the target computer.
Because it downloads and installs itself, Emotet is incredibly dangerous, as it can install other malware besides itself. Furthermore, “Emotet is considered the most widely spread malware targeting users today.” It can lead to password theft, ransomware attacks, or other malicious actions. Emotet was in the news earlier this year, though, as it was easily disrupted by researchers who went on offense. Hopefully, Emotet will remain a target for whitehat hackers.
If Emotet's operators have fixed the problems they encountered, they will likely come back in full force this month. If anything can be taken away from this, simply be wary of documents and files you receive. Unless you are expecting a document from someone, you can generally discard documents to keep yourself safe. As we have seen previously, this is a ramp-up in malware leading up to the election, so keep an eye on HotHardware to stay alert to new cyber threats.
(Image courtesy of BleepingComputer)