Emotet malware has new tricks to deploy its malicious code campaign, now disguising itself as fake Microsoft Office updates that wreak havoc…
It’s well-known in the cybersecurity world that malware threats morph and change over time. Just when there’s a fix, another version of the malicious program surfaces. Usually, they don’t become less dangerous, but even more so and generally more aggressive. A prime example is Emotet, which turned victims’ PCs into zombies and sent out over 250,000 malicious emails per day. Now, it’s gained new tools to pose increased risk.
Emotet Malware Now Triggers Fake Microsoft Office Updates
Researchers at Cryptolaemus have discovered that the botnet is now using new templates as part of its spam campaign. What’s worse, these phonies look exactly like system alerts from Windows Update. It spreads through malicious Word documents attached to spam emails. When opened, users see a prompt that requires conversion or updating to display the material properly.
Because it appears to be a legitimate Windows Update, it’s very hard to spot the scam. First appearing back in 2014, Emotet was originally designed as a banking Trojan. It’s initial purpose was to steal personal data — in particularly, banking information. Because it’s evolving, it can gain new capabilities, none of which are benign.