Emotet urges users to upgrade Microsoft Word in latest spam campaign

Microsoft Word
(Image credit: Shutterstock)

After disguising itself as a Windows 10 update earlier this month, the Emotet malware has now adopted a new template in which it pretends to be a message from Microsoft Office urging users to update Word in order to add a new feature.

The cybercriminals behind Emotet use a variety of different lures to trick unsuspecting users into opening their malicious attachments. In the past, Emotet spam campaigns have pretended to be invoices, shipping notices, purchase orders and even information about Covid-19.

All of these spam emails contain malicious Word documents that are either attached to the email itself or are downloaded by clicking on a link inside the email. Once a user opens one of these documents, they are prompted to “Enable Content” so that the malicious macros contained in the Word file will run and install the Emotet malware on a victim's computer.

To help trick unsuspecting users into enabling macros, Emotet spam campaigns use a number of different templates to create a sense of urgency. For instance, a spam email may request that a user sign off on an invoice or that they need to update their software, as is the case in this latest template.

Microsoft Word upgrade

In an effort to try and trick even more users, Emotet recently switched to a new template that pretends to be a message from Microsoft Office urging users to update Word in order to add a new feature.

The subject of these new emails is “Upgrade your edition of Microsoft Word” and the body of the email reads: "Upgrading your edition will add new feature to Microsoft Word. Please click Enable Editing and then click Enable Content.”

Once a user clicks on the Enable Content button, the malicious macros will execute and then download and install Emotet in a user's Local App Data folder.

What makes Emotet so dangerous is the fact that the malware is often used by cybercriminals to install other types of malware including Trickbot and QBot onto a victim's computer. Trickbot and QBot will then both attempt to steal passwords, banking details and other information stored on a user's computer.

To avoid falling victim to Emotet spam campaigns, users should carefully check their email and avoid opening messages and especially attachments from unknown senders. Also if a message seems too good to be true, than it likely is and any emails that implore a sense of urgency should also be avoided at all costs.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.