“The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments” (Bleeping Computer, 2022).
Emotet is known for its wide-reaching spam efforts. Over the years, its operators have used multiple tactics to persuade victims into opening malicious attachments; the latest uses malicious macros and scripts to download the Emotet DLL, which is then loaded into memory.
Once running, the malware searches the victim's mailbox and steals emails, which are reused in future spam campaigns. It can also drop additional payloads such as Cobalt Strike, which are used in follow-on attacks, including ransomware.
Some recent Emotet campaigns use password-protected ZIP files containing a Windows LNK (shortcut) file that pretends to be a Word document. When the victim opens the shortcut, the command embedded in it writes out a Visual Basic Script and runs the resulting VBS file, which downloads the Emotet DLL.
A bug in which the shortcut referenced the wrong file name for the malicious shortcut caused this chain to fail, but researchers determined over the weekend that the issue has been fixed and Emotet is again operating correctly.
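As an added example (not code from this page or from Bleeping Computer's reporting), here is a small Python triage script for the attachment chain described above: it lists a ZIP's .lnk members, parses each shortcut's StringData according to the MS-SHLLINK layout, and flags the signs of this lure: a document-lookalike name, a command line that reaches a script host or a .vbs file, and a hard-coded shortcut name that does not match the file's real name (the kind of mismatch that broke the chain). The ZIP, the shortcut, its command line (a findstr-to-VBS stand-in) and the heuristics are constructed or assumed for illustration; the parser follows the public shell link specification.

```python
import io
import re
import struct
import zipfile
from typing import Optional

# LinkFlags bits from the ShellLinkHeader (offset 0x14) as defined in MS-SHLLINK.
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# Triage heuristics (assumed; tune them): a document-looking name that really ends in
# .lnk, a command line reaching a script host or a .vbs, and a self-reference to a
# shortcut name that does not match the member's real name.
DOC_LOOKALIKE = re.compile(r"\.(docx?|xlsx?|pdf)\.lnk$", re.IGNORECASE)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|powershell|cmd)(\.exe)?\b|\.vbs\b", re.IGNORECASE)
LNK_REFERENCE = re.compile(r"[\w.-]+\.lnk\b", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative path, working dir, arguments,
    icon location) of a shell link. Only what triage needs is decoded."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: HeaderSize must be 0x4C")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 76  # end of the fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize + IDList
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]      # LinkInfoSize covers the struct
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        size = count * 2 if unicode else count
        raw = data[pos:pos + size]
        # Non-Unicode links use the system code page; cp1252 is assumed here.
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", "replace")
        pos += size
    return fields


def triage_zip(zip_bytes: bytes, password: Optional[bytes] = None) -> list:
    """Inspect every .lnk member of a ZIP attachment and report why it looks like a lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            member = info.filename
            if not member.lower().endswith(".lnk"):
                continue
            basename = member.rsplit("/", 1)[-1]
            finding = {"member": member, "encrypted": bool(info.flag_bits & 0x1),
                       "reasons": []}
            if DOC_LOOKALIKE.search(basename):
                finding["reasons"].append("document-lookalike name")
            try:
                fields = parse_lnk(zf.read(member, pwd=password))
            except RuntimeError:  # encrypted member and the password was missing or wrong
                finding["reasons"].append("encrypted member not inspected")
                findings.append(finding)
                continue
            except ValueError as exc:  # .lnk extension but not a shell link
                finding["reasons"].append(f"unparseable: {exc}")
                findings.append(finding)
                continue
            args = fields.get("arguments", "")
            command = (fields.get("relative_path", "") + " " + args).strip()
            finding["command"] = command
            if SCRIPT_HOST.search(command):
                finding["reasons"].append("launches script host / .vbs")
            for ref in LNK_REFERENCE.findall(args):
                if ref.lower() != basename.lower():
                    finding["reasons"].append(
                        f"command references a different shortcut name ({ref})")
            findings.append(finding)
    return findings


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk carrying only RelativePath and Arguments
    (enough to exercise the parser; real lures carry more structures)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", 0x4C) + bytes(16) + struct.pack("<I", flags)
    header += bytes(76 - len(header))  # remaining header fields left zero
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def sample_attachment(member_name: str = "Invoice.doc.lnk",
                      referenced_name: str = "Invoice.doc.lnk") -> bytes:
    """Constructed sample ZIP (unencrypted so it runs offline): one shortcut whose
    command line carves a VBS out of the shortcut itself and runs it. Assumed stand-in."""
    lnk = build_lnk(
        r"..\..\..\Windows\System32\cmd.exe",
        f'/c findstr "payload.*" {referenced_name} > "%tmp%\\stage.vbs" & "%tmp%\\stage.vbs"',
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(sample_attachment()):
        print(f)  # working lure: lookalike name + script host
    for f in triage_zip(sample_attachment(member_name="Report.docx.lnk")):
        print(f)  # broken lure: hard-coded name no longer matches the file
```

For a real password-protected attachment pass `password=b"..."` (the password the email supplies); without it the member is reported as encrypted and not inspected rather than silently skipped, which is the state you want an analyst to see.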
- Don't open emails or download software from unknown sources
- Be wary before clicking on links/attachments in emails
- Never send passwords or personal or financial information by email to anyone (stolen data of this kind can be used for double extortion)
- Always verify the sender's email address, display name & domain
- Back up important files frequently & store the backups separately from the main system
- Protect devices using antivirus, anti-spam & anti-spyware software
- Report phishing emails to the appropriate security or IT staff immediately