Attackers are sending SMS messages purporting to be from victims’ banks – but once victims click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware.
Emotet has continued to evolve since its return in September, including a new, dangerous Wi-Fi hack feature disclosed last week that can let the malware spread like a worm. Now, this most recent campaign delivers the malware via “smishing,” a form of phishing that relies on text messages instead of email. While smishing is certainly nothing new, researchers say that the delivery tactic exemplifies how Emotet’s operators constantly switch up their approaches to go beyond mere malspam emails – making it hard for defense teams to keep up.
“Emotet’s operator, the Mealybug gang, has varied its activity levels over time, sometimes going into lengthy lulls and periods of low-volume activity,” said researchers with IBM X-Force in a Wednesday analysis. “Since late 2019, Mealybug has been pushing its activity through various channels, including spam, sextortion emails, SMiShing and ploys like fake Coronavirus warnings that were spread in Japan.”