Emotet is making rounds in the wild once again
After a brief absence, the infamous Emotet malware is once again being spread, this time through Microsoft OneNote email attachments to evade macro-based security controls and infiltrate systems.
What Is Emotet?
In short, Emotet is a sophisticated “all-in-one” malware used by threat groups to download additional malware, steal data by intercepting network traffic, or enlist infected devices in their botnet. It has been active since 2014 and has been used to target individuals, organizations and government networks. It started out as a banking trojan and is believed to be of Eastern European origin.
Last year, AdvIntel released a report revealing that across the globe, 1,267,598 Emotet infections were identified, with major spikes during the months of February and March, as well as June and July. The malicious software was employed by post-Conti ransomware gangs like Quantum and BlackCat.
Emotet Is Back Once Again, Using Microsoft OneNote Files
This year, after a three-month absence, Emotet reappeared last week when the Epoch 4 botnet sent out malicious emails carrying Office documents with infected macros. Surprisingly, Emotet stuck to this same attack format even though the attachments were very large.
Since last summer, Microsoft has been blocking macros in documents downloaded from the internet, forcing criminals to reconsider how they deliver malware via malspam. As a result, other criminal gangs switched to Microsoft OneNote documents, and Emotet now appears to be following suit.
The OneNote file looks simple, but it is a clever piece of social engineering: a fake notification claims the document is protected and tells the user to double-click a View button. The button is only an overlay; what the victim actually double-clicks is a script file embedded in the note.
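The lure works because a OneNote file can carry arbitrary embedded files, so the defender's check is to look inside the attachment for embedded objects rather than at the visible page. The scanner below is an added example written for this article, not code from the original post or from any vendor. It relies on one documented fact: in the OneNote revision-store format ([MS-ONESTORE] section 2.6.13), each embedded file is framed by a FileDataStoreObject whose header and footer GUIDs are `{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}` and `{71FBA722-0F79-4A0B-BB13-899256426B24}`. Everything else (the type-sniffing heuristics, the marker list, the sample note) is constructed for the example; the sample is not a real OneNote file, only the object framing the scanner looks for.

```python
import struct

# Header/footer GUIDs that frame an embedded file (FileDataStoreObject) in the
# OneNote revision-store format, [MS-ONESTORE] section 2.6.13, serialized in
# little-endian GUID byte order. Between them sit cbLength (8 bytes), a 4-byte
# unused field and 8 reserved bytes, then cbLength bytes of FileData.
FILEDATA_HEADER = bytes.fromhex("E716E3BD65261145A4C48D4D0B7A9EAC")
FILEDATA_FOOTER = bytes.fromhex("22A7FB71790F0B4ABB13899256426B24")
FIELDS_AFTER_HEADER = 8 + 4 + 8

# Substrings that mark a text payload as script-like (constructed heuristic
# list for this example; the payload is lower-cased before searching).
SCRIPT_MARKERS = (b"<script", b"<hta:application", b"wscript", b"cscript",
                  b"powershell", b"cmd.exe", b"@echo off")


def extract_embedded_files(blob: bytes) -> list[bytes]:
    """Return the FileData payload of every FileDataStoreObject found in blob."""
    payloads = []
    pos = blob.find(FILEDATA_HEADER)
    while pos != -1:
        fields = pos + len(FILEDATA_HEADER)
        if fields + FIELDS_AFTER_HEADER > len(blob):
            break  # header at the very end of the buffer: nothing to read
        (cb_length,) = struct.unpack_from("<Q", blob, fields)
        start = fields + FIELDS_AFTER_HEADER
        end = start + cb_length
        if end > len(blob):
            break  # truncated object; stop rather than read past the buffer
        payloads.append(blob[start:end])
        pos = blob.find(FILEDATA_HEADER, end)
    return payloads


def classify_payload(data: bytes) -> str:
    """Coarse type sniffing on payload bytes (the object stores no filename)."""
    if data.startswith(b"MZ"):
        return "pe-executable"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"\x89PNG") or data.startswith(b"\xff\xd8\xff"):
        return "image"
    head = data[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"


def scan_onenote(blob: bytes) -> dict:
    """Summarize embedded objects and flag the file if any looks executable."""
    kinds = [classify_payload(p) for p in extract_embedded_files(blob)]
    return {
        "embedded_count": len(kinds),
        "kinds": kinds,
        "suspicious": any(k in ("pe-executable", "script") for k in kinds),
    }


def build_filedata_object(payload: bytes) -> bytes:
    """Serialize one FileDataStoreObject (used here only to build sample input)."""
    return (FILEDATA_HEADER + struct.pack("<Q", len(payload))
            + b"\x00" * 4 + b"\x00" * 8 + payload + FILEDATA_FOOTER)


# Constructed sample: filler bytes around two embedded objects, a PNG-looking
# image and a harmless HTA/VBScript snippet standing in for the hidden script.
SAMPLE_NOTE = (
    b"\x00" * 64
    + build_filedata_object(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    + b"\x00" * 32
    + build_filedata_object(b'<script language="VBScript">MsgBox "hello"</script>')
    + b"\x00" * 16
)

if __name__ == "__main__":
    print(scan_onenote(SAMPLE_NOTE))
```

On the sample, `scan_onenote` reports two embedded objects, `["image", "script"]`, and marks the note suspicious. The scanner is a triage tool for mail gateways and incident responders, not a full OneNote parser: it ignores the section header and object graph, so it cannot tell which object sits under the fake View button, and a payload the marker list does not recognize lands in `unknown` rather than being cleared. Any embedded object in an unsolicited OneNote attachment is worth a closer look regardless of the label.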
Once installed, Emotet contacts its command and control servers for further instructions.
Even though Emotet has had breaks in activity, and was at one point taken down entirely by law enforcement, it remains a severe menace and shows how sophisticated social engineering tricks continue to achieve high infection rates. Macros may eventually become obsolete, but the criminals behind Emotet will quickly weaponize another popular platform to breach both organizations and individuals.