Emotet, the notorious banking trojan, is very active at present and its operators keep coming up with new tricks and updates. It is one of the biggest sources of malspam right now and has been observed delivering various malware payloads. Recently, the trojan has been spotted using fake Windows update lures to fool recipients.
Cybercriminals are sending spam emails with an attachment showing a message claiming to be from the Windows Update service. The message tells recipients to update their outdated Office app.
- The spam emails use spoofed identities, impersonating acquaintances and business partners. Such update-related lures have been observed all across the world.
- The recent attack was also observed using conversation hijacking: attackers hijack email threads from ongoing business conversations and add malicious documents as attachments.
- On some of the infected hosts, Emotet was found delivering TrickBot, a modular banking trojan that can be used in further malicious operations according to the attackers' needs.
In recent attacks, the trojan has been targeting state and local government agencies in the U.S. Since July, CISA has observed around 16,000 activity alerts.
- In early October, tens of thousands of emails were sent asking recipients to support the Democratic Party of the U.S. These emails carried a malicious Word document that delivered Emotet.
- Last month, Universal Health Services was hit by Ryuk ransomware. The attack used Emotet to deliver TrickBot, which opened a reverse shell for the Ryuk operators.
Emotet is regularly making news and joining hands with new ransomware families, which makes it all the more serious a threat. According to security experts, the best way to avoid such attacks is awareness and training. In addition, spam emails can be identified by knowing, and protecting against, the typical lures used by this trojan.