Emotet's operators have found a new way to deceive their victims. They display a message that appears to come from Microsoft Office and says that Microsoft Word needs to be updated to add a new feature.
Emotet is distributed through emails that include Word documents with malicious macros. When the user opens a document, they are prompted to enable macros, which then download the Emotet malware onto their computer without their knowledge.
Once installed, Emotet uses the computer to send spam messages and eventually installs other malicious programs that could lead to a ransomware attack on the victim's network.
New malicious template
So far, Emotet operators have come up with various ways to deceive victims and make them open a malicious attachment. The malicious emails claim to contain invoices, notices, resumes, orders or even information about COVID-19.
All of these arrive as Word (.doc) documents or as links that download a document.
When the user opens the Word attachment, they are asked to "Enable Content" so that the malicious macros can run and install the Emotet malware on their computer.
To trick users into enabling macros, Emotet uses various document designs, or templates, that display a warning to the user.
The new template appears as a Microsoft Office message, which tells the user that Microsoft Word needs to be updated to add a new feature.
Specifically, the message says:
"Upgrade to Microsoft Word
Upgrading your version will add a new feature to Microsoft Word.
Click Enable Editing, and then click Enable content."
According to BleepingComputer, if the user follows these instructions, the malicious macros will be executed on their computer. These macros download and install the Emotet malware in the %LocalAppData% folder.
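The behaviour described above, macros running from Word and an executable landing under %LocalAppData%, can be hunted for in process-creation logs. The following Python code is an added example, not taken from BleepingComputer or from this article; the event fields, paths, PIDs and process names are constructed, and it assumes the payload runs as a descendant of WINWORD.EXE.

```python
import ntpath

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# All paths, PIDs and file names are invented for this example.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Users\alice\AppData\Local\example\payload.exe"},
    # Benign: a per-user app started from the desktop, no Word ancestor.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Users\alice\AppData\Local\Programs\editor\editor.exe"},
]


def exe_name(image):
    """File name of a Windows path, lower-cased (works on any OS)."""
    return ntpath.basename(image).lower()


def has_word_ancestor(pid, by_pid):
    """Walk the parent chain; True if WINWORD.EXE is an ancestor of pid."""
    seen = set()
    ppid = by_pid[pid]["ppid"]
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against loops
        if exe_name(by_pid[ppid]["image"]) == "winword.exe":
            return True
        seen.add(ppid)
        ppid = by_pid[ppid]["ppid"]
    return False


def detect(events):
    """Return (pid, reason) for every process descended from Word."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    alerts = []
    for e in events:
        if not has_word_ancestor(e["pid"], by_pid):
            continue
        if "\\appdata\\local\\" in e["image"].lower():
            alerts.append((e["pid"], "localappdata-exec-from-word"))
        else:
            alerts.append((e["pid"], "process-spawned-by-word"))
    return alerts


if __name__ == "__main__":
    for pid, reason in detect(EVENTS):
        print(pid, reason)
```

The per-user application started from the desktop (PID 500) is not flagged even though it lives under AppData\Local, because the rule keys on Word ancestry rather than on the path alone.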
We need to recognize Emotet's malicious attachments
Emotet is the most common malware today. It is especially dangerous because it allows other malware (Trickbot and Qbot) to be installed on the infected computer.
For this reason, it is important to recognize the malicious templates used by Emotet and, in general, to be careful with the emails we receive.