Emotet Returns: Here's a Quick Look into new 'Windows Update' attachment
Originating as a banking malware, Emotet Malware was first discovered by security researchers in the year 2014, but, the threats by Emotet have constantly evolved over the years. At present, the malware is highly active as its developers continue to evolve their strategies, devising more sophisticated tricks and advancements. Recently, it has been noticed to be delivering several malware payloads and is also one of the most active and largest sources of malspam as of now.
The operators behind Emotet are sending spam emails to unsuspected victims to trick them into downloading the malware; botnet has started to employ a new malicious attachment that falsely claims to be a message from Windows Update asking victims to upgrade Microsoft Word. It begins by sending spam email to the victim containing either a download link or a Word document, now when the victim happens to ‘Enable Content’ to let macros run on their system, the Emotet Trojan gets installed. In their previous malspam campaigns, used by the criminals were said to be from Office 365 and Windows 10 Mobile.
How does the malware works?
Once installed, the malware tries to sneak into the victim’s system and acquire personal information and sensitive data. Emotet uses worm-like capabilities that help it spreading itself to other connected PCs. With add-ons to avoid detection by anti-malware software, Emotet has become one of the most expensive and dangerous malware, targeting both governments as well as private sectors.
The malware keeps updating the way it delivers these malicious attachments as well as their appearances, ensuring prevention against security tools. The subject lines used in a particular malspam campaign are replaced by new ones, the text in the body gets changed and lastly the ‘file attachment type’ and the content of it are timely revised.
Emotet malware has continuously evolved to the levels of technically sophisticated malware that has a major role in the expansion of the cybercrime ecosystem. After a short break, the malware made a comeback with full swing on October 14th and has started a new malspam routine.
Originally discovered as a simple banking Trojan, Emotet’s roots date back to 2014 when it attempted to steal banking credentials from comrpmised machines. As per recent reports, Emotet also delivers third-party payloads such as IcedID, Qbot, The Trick, and Gootkit.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/34cjYjx
Comments
Post a Comment