Rewterz Threat Alert – Emotet is Back from Holiday

Severity

High

Analysis Summary

Emotet is back from holiday after 3 weeks break and currently targeting 81 countries with spam emails with heavily targeting US and it’s neighboring countries. Threat actors using different email templates to lure users to click on the malicious links which includes subjects like invoices, reports, invite to holiday or even great thunberg climate change support requests.By clicking the malicious links will install emotet trojan.

Every spam email campaign when clicked will be delivered a message will be presented with a message stating that this “document only available for desktop or laptop versions of Microsoft Office Word.” It then prompts the user to click on ‘Enable editing’ or ‘Enable Content’ to view the document.

When a user opens the document, malicious macros will be executed that download the Emotet trojan from a remote server and executes it.

Impact

Exposure of sensitive information

Remediation

• Always be suspicious about emails sent by unknown senders.
• Never click on the links/attachments sent by unknown senders.