The malicious program operators have been silent for five months and have now again started to spam emails with malicious programs after the vacation. Emotet is the malware typically spread using phishing email campaigns that rely on Word or Excel documents with malicious pieces.
Emotet was always considered the most distributed and the most active threat of its kind. However, actors stopped these operations for a while on June 13th, 2022. Activities stopped for a while, and the malware got silent. Recent reports showed that Emotet has been spamming users worldwide with malware again.
How the malware started again ?
Researchers stated that new operation campaigns rely on the usage of emails stolen from email reply chains. This way, Emotet can distribute malicious Excel attachments to further infect machines with malware. These campaigns target various users in the world under different languages and file names with email attachments that pose as invoices, scans, and electronic forms, using other luring methods.
Emotet Excel attachments instruct users to copy the file into trusted folders named templates, and doing so bypasses the Protected View. It works with files containing a Microsoft Office Mark-of-the-Web flag.
The system should show a warning about copying to the Templates folder, but users most likely ignore that and click the Continue button, which ensures the procedure.
As Emotet and other malwares increasing day by day organizations, as well as users, need to improve their malware security solutions.
Few samples were uploaded to virustotal.
Emotet URLs detected