Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,364
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets.
Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros. If a user opens the attachment and enables macros, a DLL will be downloaded and executed that installs the Emotet malware on the device.
Once loaded, the malware will steal email contacts and email content for use in future spam campaigns. It will also download other payloads that provide initial access to the corporate network.
This access is used to conduct cyberattacks against the company, which could include ransomware attacks, data theft, cyber espionage, and extortion.
While Emotet was one of the most distributed malware in the past, over the past year, it would stop and start in spurts, ultimately taking a break towards the end of 2022.
After three months of inactivity, the Emotet botnet suddenly turned back on, spewing malicious emails worldwide earlier this month.
However, this initial campaign was flawed as it continued to use Word and Excel documents with macros. As Microsoft now automatically blocks macros in downloaded Word and Excel documents, including those attached to emails, this campaign would only infect a few people.
Due to this, BleepingComputer predicted that Emotet would switch to Microsoft OneNote files, which have become a popular method for distributing malware after Microsoft began blocking macros.
As predicted, in an Emotet spam campaign first spotted by security researcher abel, the threat actors have now begun distributing the Emotet malware using malicious Microsoft OneNote attachments.
These attachments are distributed in reply-chain emails that impersonate guides, how-tos, invoices, job references, and more.
Emotet malware now distributed in Microsoft OneNote files to evade defenses
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets.
www.bleepingcomputer.com