Exploiting a viral topic for malicious purposes is something quite often seen is spam campaigns. This is what is happening now with the new strain of the coronavirus.
A new spam, botnet-driven campaign is spreading malicious files masqueraded as documents with video instructions on how to protect against the coronavirus. Instead of learning anything useful, the potential victim would get a computer infection ranging from Trojans to worms, says telemetry data from IBM X-Force and Kaspersky.
The Coronavirus theme is spreading the Emotet malware
As pointed out by security researchers, the irony is that one virus is being used as a pretext to deliver another virus. In this spam campaign, threat actors are distributing the Emotet malware.
Most of the analyzed emails were written in Japanese. This could mean that the attackers are targeting specific geographic locations that may be more impacted by the coronavirus outbreak. As for the subject lines of these emails, they contain the Japanese word for “notification”. Creating a sense of urgency is one of the oldest tricks in malicious spam.
Previously, Japanese Emotet emails have been focused on corporate style payment notifications and invoices, following a similar strategy as emails targeting European victims. This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it, says IBM F-Force.
Aside from using the coronavirus as a lure, the campaign doesn’t stand out with anything particular. Typically, upon opening the attached document which is presented as a .PDF, .MP4, or .DOC file, the user is prompted to enable the content. If the document is opened with macros enabled, an obfuscated VBA macro script will run Powershell to install an Emotet downloader in the background.
“The extracted macros are using the same obfuscation technique as other Emotet emails observed in the past few weeks,” says IBM X-Force.
In December 2019, Emotet operators were actively spreading phishing emails with the intention of scamming the recipients into believing that they are receiving Christmas party menus. The emails included subject lines such as “Christmas” or “Christmas Party” as a lure.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: