An updated report by Cryptolaemus group says the Emotet group has risen up with a new lure to add victims to its bloatware. It’s now crafting the email attachments disguised as from the Windows Update service, asking targets to update their Office app by Enabling Macros. It’s reported to have been spamming in massive numbers in recent days.

Emotet Malware Is Back With a New Trick

Emotet is one of the well-known names in cybersecurity space, as it’s termed to be the major source of most of the malspam (malware spam) happening today. The group behind it uses the social engineering tricks like spam emails as their major weapon, to send their malicious attachments.

Crafting these emails to be trusted is an important part here since they need to be interacted by the target. Emotet group follows a rare technique called the conversation capturing, where it steals the email threads between users to drop itself in, with its malicious email to look related among them.

And since have a higher number of chances to open the email, Emotet tracks how they’re performing. All they ask from their operation is to Enable Macros, which is an automated scripting feature in Office apps. This option has some legitimate reasons to be included like it automates the repeated tasks, but also gives hackers the chance of running their payloads.

Once the target is convinced to enable them, it then drops the TrickBot malware, which is a backdoor that sets access to other malware of ransomware operators later. Thus, Emotet, being a Malware-as-a-Service, just needs to add as many as victims as possible to its network to be sold to others.

It does a lot of tricks to get itself in. And its latest update by Cryptolaemus group, Emotet was seen spamming targets with e-mails, impersonating as from Windows Service update and asking them to update their Office app by Enabling Macros! Since it targets corporates mostly, security researchers say educating the employees to detect suspicious emails is the prime way of avoiding these.


Please enter your comment!
Please enter your name here