
Emotet Malware is back



Emotet is a Trojan that is spread primarily through spam email. The infection arrives as a malicious script, a macro-enabled Office document, or a malicious link.


Emotet was first identified in 2014 as a relatively simple trojan for stealing banking credentials. Within a year or two it had reinvented itself as a formidable downloader (dropper) that, after infecting a PC, installed other malware. Later versions added:


  • the ability to spread to nearby Wi-Fi networks

  • evasion techniques that make the infection hard to detect as malicious

  • fileless infection, such as PowerShell scripts, which also makes post-infection activity difficult to detect

  • worm-like features that steal administrative passwords and use them to spread throughout a network

Emotet Malware


The Emotet operation is back in business. After a short break, a recent phishing campaign is looking for new victims to infect, using some old-school techniques together with tricks intended to get around Microsoft's security controls.


How it works:

  1. The Emotet operators send a maliciously crafted email that poses as a reply to a legitimate email thread.

  2. After Emotet infects a system, it collects email messages from the local system and uploads them to the attacker.

  3. The attacker then sends a spoofed email, from an attacker-controlled account, that quotes content from the stolen legitimate email chain.

  4. The victim receives a phishing email that appears to be a reply in a previous legitimate exchange. This campaign attaches Microsoft Excel files with malicious macros (automated code) to infect the system.

  5. Note: Microsoft Office opens documents downloaded from the Internet (including email attachments) in Protected View, where macros do not run.

  6. This specific process therefore requires the user to take additional steps (leave Protected View and enable the content) before the malicious macros run.
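As an added example (not from the original post), the following Python script triages an .eml for the three traits the steps above describe: a reply-looking subject with no threading headers, a sender domain that never appears in the quoted thread, and a macro-enabled Excel attachment. The two messages it runs on are constructed here; the addresses, domains, file names and the placeholder vbaProject.bin content are assumptions for the demo, not campaign indicators.

```python
"""Heuristic triage of one e-mail for the Emotet reply-chain pattern (added example)."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Excel treats as macro-capable; legacy .xls is included on suspicion only.
MACRO_EXTENSIONS = (".xlsm", ".xltm", ".xlam", ".xls")
ADDRESS_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def attachment_has_vba(data: bytes) -> bool:
    """True if data is an OOXML (zip) container that embeds a VBA project."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> list[str]:
    """Return findings for one RFC 5322 message (empty list = nothing flagged)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. A reply that was never threaded: no In-Reply-To / References headers.
    subject = msg.get("Subject", "")
    claims_reply = re.match(r"\s*(re|fw|fwd)\s*:", subject, re.IGNORECASE) is not None
    if claims_reply and not (msg.get("In-Reply-To") or msg.get("References")):
        findings.append("subject looks like a reply but In-Reply-To/References are missing")

    # 2. The "reply" comes from a domain that took no part in the quoted thread.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    quoted_domains = {d.lower() for d in ADDRESS_RE.findall(body)}
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if claims_reply and quoted_domains and sender_domain not in quoted_domains:
        findings.append(f"sender domain {sender_domain} never appears in the quoted thread")

    # 3. A macro-enabled Excel lure, by extension or by embedded VBA project.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_content()
        data = payload if isinstance(payload, bytes) else payload.encode()
        if name.endswith(MACRO_EXTENSIONS) or attachment_has_vba(data):
            findings.append(f"macro-enabled Excel attachment: {name}")
    return findings


def fake_xlsm() -> bytes:
    """Constructed stand-in for a macro-enabled workbook: a zip with a vbaProject.bin entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


def build_hijacked_sample() -> bytes:
    """Constructed message mimicking the campaign: stolen thread, new sender, .xlsm lure."""
    m = EmailMessage()
    m["From"] = "Alice <alice.supplier@freemail.example>"  # assumed attacker-controlled account
    m["To"] = "bob@example-customer.com"
    m["Subject"] = "RE: Invoice for March"
    m.set_content(
        "Hi Bob, the updated invoice is attached.\n\n"
        "> From: alice@example-supplier.com\n"
        "> To: bob@example-customer.com\n"
        "> Subject: Invoice for March\n"
        "> Bob, find the invoice below.\n"
    )
    m.add_attachment(fake_xlsm(), maintype="application",
                     subtype="vnd.ms-excel.sheet.macroEnabled.12",
                     filename="Invoice_March.xlsm")
    return m.as_bytes()


def build_legit_sample() -> bytes:
    """Constructed genuine reply: threaded, sender is part of the thread, PDF attachment."""
    m = EmailMessage()
    m["From"] = "alice@example-supplier.com"
    m["To"] = "bob@example-customer.com"
    m["Subject"] = "RE: Invoice for March"
    m["In-Reply-To"] = "<msg-1@example-customer.com>"
    m.set_content(
        "Bob, here it is as PDF.\n\n"
        "> From: bob@example-customer.com\n"
        "> To: alice@example-supplier.com\n"
        "> Can you resend the invoice?\n"
    )
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="Invoice_March.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for label, raw in (("hijacked", build_hijacked_sample()), ("legit", build_legit_sample())):
        print(label, triage(raw) or "no findings")
```

Each check on its own produces false positives (mail clients do drop threading headers, and people do reply from a second address), so the value is in the combination: a fake reply from an outside domain carrying a macro-enabled workbook is exactly the shape of the campaign described above, and that is the case worth holding for analyst review.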


