This is not the first time the Emotet malware campaign has been active in the wild, but its operators have recently changed their lure. The current emails claim to come from ‘Windows Update’ and tell recipients that they need to upgrade their copy of Microsoft Word.
To an unsuspecting user the names Windows Update and Microsoft Word sound legitimate, and the message reads like something that genuinely needs to be done. Some variants refer to Microsoft Excel instead, and the emails typically carry an attached document or a download link. Once opened, the document prompts the user to click ‘Enable Content’ so that its macros can run; the macro code then installs the Emotet trojan. The document does nothing until that button is clicked, which is why the lure is built entirely around getting the user to press it. A genuine Office update is never delivered as an emailed document that asks for macros to be enabled.
Tech-savvy users can spot this from a mile away, but an untrained eye is easily fooled, and such users readily enable the macros. Emotet uses a range of document templates and tricks to make that step look necessary, such as claiming the document was created on iOS or Windows 10 Mobile or in an older version of Office, or that it is a protected document that must be unlocked before it can be viewed.
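Whatever the lure text says, the mechanism is the same: the attachment must carry a VBA project, and the user must enable it. The following Python script, added here as an example and not code from the original article or from any Emotet analysis, checks whether an Office Open XML attachment (.docm, .xlsm and similar) carries a VBA project by looking for a `vbaProject.bin` part and a `macroEnabled` content type in the package manifest. The sample documents are constructed inline (the `vbaProject.bin` content is a placeholder, not a real VBA project). Legacy binary .doc/.xls files are OLE2 containers rather than ZIPs, so the script reports them as not OOXML instead of guessing; a real mail gateway would hand those to a dedicated parser such as oletools.

```python
"""Flag Office Open XML attachments that carry a VBA project.

Added example, not from the original article. Macro-enabled OOXML files
(.docm, .xlsm, .pptm) are ZIP containers; the macro code lives in a
vbaProject.bin part and the [Content_Types].xml manifest declares a
macroEnabled main document. Both indicators can be checked with the
standard library alone. Legacy OLE2 .doc/.xls files are not ZIPs and
are reported as 'not OOXML' rather than analysed here.
"""
import io
import zipfile
from typing import Optional

VBA_PART_SUFFIX = "vbaProject.bin"
MACRO_CONTENT_TYPE_MARKER = "macroEnabled"
CONTENT_TYPES_PART = "[Content_Types].xml"


def inspect_ooxml(data: bytes) -> dict:
    """Return macro indicators for a document given as raw bytes."""
    result = {
        "is_ooxml": False,
        "has_vba_project": False,
        "declares_macro_enabled": False,
        "vba_parts": [],
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # OLE2 .doc/.xls or anything else: needs another parser
    result["is_ooxml"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # The VBA project is stored as word/xl/ppt + vbaProject.bin
        result["vba_parts"] = [n for n in names if n.endswith(VBA_PART_SUFFIX)]
        result["has_vba_project"] = bool(result["vba_parts"])
        if CONTENT_TYPES_PART in names:
            manifest = zf.read(CONTENT_TYPES_PART).decode("utf-8", "replace")
            result["declares_macro_enabled"] = MACRO_CONTENT_TYPE_MARKER in manifest
    return result


def is_macro_bearing(data: bytes) -> bool:
    """True if either indicator is present (a renamed .docm still has both)."""
    r = inspect_ooxml(data)
    return r["has_vba_project"] or r["declares_macro_enabled"]


# --- constructed samples (not real documents) -------------------------------

DOCX_CT = ("application/vnd.openxmlformats-officedocument."
           "wordprocessingml.document.main+xml")
DOCM_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def build_sample(content_type: str, vba: Optional[bytes]) -> bytes:
    """Build a minimal OOXML package in memory with an optional VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            CONTENT_TYPES_PART,
            '<?xml version="1.0"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            f'<Override PartName="/word/document.xml" ContentType="{content_type}"/>'
            '</Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if vba is not None:
            zf.writestr("word/vbaProject.bin", vba)
    return buf.getvalue()


BENIGN_DOCX = build_sample(DOCX_CT, None)
# Placeholder bytes standing in for a VBA project (constructed, not real VBA)
MACRO_DOCM = build_sample(DOCM_CT, b"\xd0\xcf\x11\xe0 placeholder vba project")
# OLE2 magic plus padding: what a legacy .doc looks like to this check
LEGACY_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64


if __name__ == "__main__":
    for label, blob in (("benign.docx", BENIGN_DOCX),
                        ("invoice.docm", MACRO_DOCM),
                        ("legacy.doc", LEGACY_DOC)):
        print(label, inspect_ooxml(blob), "-> macro-bearing:", is_macro_bearing(blob))
```

Checking both indicators matters because attackers rename files: a .docm saved with a .docx extension still contains the VBA part and the macroEnabled content type, and Word will still offer the ‘Enable Content’ bar for it. A gateway rule built on this check would quarantine or strip macro-bearing attachments from external senders rather than relying on the recipient to refuse the prompt.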
The operators try to be as convincing as possible so that ordinary users click and infect their computers, and they ride on current events to do it. Last year, for example, the campaign used the name of activist Greta Thunberg along with a fake invitation from her to join a climate change protest.
When the COVID-19 pandemic started early this year, they exploited people’s fears with a flood of malware-laden emails that claimed to offer information on how to protect against infection. A recent iteration claimed the attached document contained information on Donald Trump’s health after he tested positive.
The list goes on: the campaign has also used emails disguised as volunteering opportunities within the Democratic Party, payment reports, COVID-19 alerts, shipping data, job opportunities and much more.
Emotet first appeared in 2014 as a banking trojan, but it has since evolved into a loader that downloads and installs other malware, including ransomware, onto the machines it compromises.
Once a computer is infected, Emotet can spread across the local network and is difficult to detect and remove, so cleaning the one machine that opened the document is rarely the end of the incident.