Emotet Sends Mail to Inform Users of a Microsoft Word Update

  • Emotet actors are now sending emails that inform users of a supposed Microsoft Word update.
  • The messages urge the recipients to “enable content” on their suite, supposedly to enable the update.
  • The malware then fetches a range of payloads, including QBot, Trickbot, and Ryuk ransomware.

Emotet’s bag of tricks is literally bottomless, and every week, we report of a new way its actors are attempting to distribute the malware. This time, they are sending emails that carry a malicious attachment, which informs the recipient about a Microsoft Word update.

Source: Bleeping Computer

The attached documents are nothing more than macro-ridden files that fetch the trojan onto the victim’s computer. This then turns the computer into a new email dissemination point, with the ultimate goal being to launch a catastrophic ransomware attack on the entire network.

Of course, for all of this to work, the recipient must have the macros enabled on their Microsoft Office suite, so the actors have to convince them to do this on various pretenses. In this case, the lure is a Windows Update that concerns Microsoft Word in particular.

Source: Bleeping Computer

As the message reads, the current version that runs on the victim’s machine is supposedly incompatible with the received file format, but a click on “Enable Editing” and “Enable Content” will fix this by opening the way to the needed update.

Doing that simply lets the malicious macros to run, which results in the fetching of the Emotet malware onto the victim’s computer. In this latest campaign, Emotet may also download and install QBot, Trickbot, and Ryuk payloads, which then steal user information like passwords, and eventually encrypt the locally stored data.

It is important for users to understand the danger and identify the patterns of action used by these crooks, as rendering their methods ineffective is the best way to make these campaigns obsolete.

Keep the macros disabled on your Office suite at all times, don’t download attached files, and don’t try to open documents that came via unsolicited communications like the emails sent by these groups. No matter the claims made in these messages, treat them all as fake and move on with your life.


Recent Articles

How to Watch UFC 257: Poirier vs. McGregor 2 – Live Stream, Start Time, Fight Card, Betting Odds

We're finally getting a rematch between Dustin Poirier and Conor McGregor, a rematch in the making for over six years. UFC 257...

Two Baidu Apps Found to Be Leaking Sensitive User Data

Researchers uncovered what really goes on under the hood of two Baidu apps for Android.The apps are collecting sensitive user and device...

Indian Government Adds Another 43 Chinese Apps on the Blocklist

Another 43 Chinese apps have been added to India’s blocklist, citing reasons of national security.Among the entries of the new set, the...