After disguising itself as a Windows 10 update (opens in new tab) earlier this month, the Emotet malware (opens in new tab) has now adopted a new template in which it pretends to be a message from Microsoft Office urging users to update Word in order to add a new feature.
The cybercriminals behind Emotet use a variety of different lures to trick unsuspecting users into opening their malicious attachments. In the past, Emotet spam campaigns have pretended to be invoices, shipping notices, purchase orders and even information about Covid-19 (opens in new tab).
All of these spam emails contain malicious Word documents that are either attached to the email itself or are downloaded by clicking on a link inside the email. Once a user opens one of these documents, they are prompted to “Enable Content” so that the malicious macros contained in the Word file will run and install the Emotet malware on a victim's computer.
- We've put together a list of the best malware removal software (opens in new tab)
- Protect your privacy online with one of the best VPN (opens in new tab) services
- Also check out our roundup of the best ransomware protection (opens in new tab)
To help trick unsuspecting users into enabling macros, Emotet spam campaigns use a number of different templates to create a sense of urgency. For instance, a spam email may request that a user sign off on an invoice or that they need to update their software, as is the case in this latest template.
Microsoft Word upgrade
In an effort to try and trick even more users, Emotet recently switched to a new template that pretends to be a message from Microsoft Office urging users to update Word in order to add a new feature.
The subject of these new emails is “Upgrade your edition of Microsoft Word” and the body of the email reads: "Upgrading your edition will add new feature to Microsoft Word. Please click Enable Editing and then click Enable Content.”
Once a user clicks on the Enable Content button, the malicious macros will execute and then download and install Emotet in a user's Local App Data folder.
What makes Emotet so dangerous is the fact that the malware is often used by cybercriminals to install other types of malware including Trickbot and QBot onto a victim's computer. Trickbot (opens in new tab) and QBot will then both attempt to steal passwords, banking details and other information stored on a user's computer.
To avoid falling victim to Emotet spam campaigns, users should carefully check their email and avoid opening messages and especially attachments from unknown senders. Also if a message seems too good to be true, than it likely is and any emails that implore a sense of urgency should also be avoided at all costs.
- We've also highlighted the best antivirus (opens in new tab) software
Via BleepingComputer (opens in new tab)