Following a brief break over the holidays, the Emotet malware has returned and is now being used by cybercriminals to target banks and financial institutions in the US and UK according to new research from Menlo Security.
While Emotet started out as a banking trojan and later evolved into a botnet, its creators are now leasing it out to others who wish to distribute their own malware.
Emotet activity appeared to be in decline at the end of last year but unfortunately the malware resurfaced in January. Researchers at Menlo Security explained how Emotet is now being used in a new campaign to target banks and financial institutions in a blog post detailing their findings, saying:
- United Nations hit by major phishing attack
- Coronavirus malware infects thousands of devices worldwide
- These were the worst malware strains of 2019
“After taking a break through the holiday season in 2019, Emotet malware attacks have restarted in 2020, this time targeting the financial services industry. Similar to previous versions, the Emotet malware is only just the initial attack vector used to launch the attack. The attack is initiated with a malicious Microsoft Word document that is designed to be downloaded and opened by the user. Once opened, the malicious macro executes and contact is made with the command-and-control server to initiate the next stage of the attack.”
According to Menlo Security, Emotet is now being used to launch attacks on organizations in the financial services industry as well as in smaller attacks targeting the food, media and transportation industries. Three quarters of the attacks have been aimed at organizations in the US and UK while the remaining attacks have targeted organizations in the Philippines, Spain and India.
As was the case with previous attacks, the malware is delivered via phishing emails that contain a malicious Microsoft Word document. However, the email subject lines have been altered to appeal directly to workers in the financial sector by including common financial terms.
The malicious Microsoft Word document attached to these emails says that users need to 'enable content' in order to view the document. Once a user does this, it allows malicious macros and URLs to deliver the Emotet malware to their computer.
Since Emotet is now also a botnet, these emails don't come from one source in particular but rather from other infected PCs around the world. Falling victim to this malware doesn't just provide an attacker with a backdoor into your system, it also allows them to use your PC to spread Emotet to other user's machines.
To prevent falling victim to Emotet, it is highly recommended that users pay close attention to any documents which ask them to enable macros, especially when they come in an email from an unknown source.
- Also check out our complete list of the best antivirus software