After disguising itself as a Windows 10 update earlier this month, the Emotet malware has now adopted a new template in which it masquerades as a message from Microsoft Office urging users to update Word to add a new feature.
The cyber criminals behind Emotet use different types of lures to trick unsuspecting users into opening their malicious attachments. In the past, Emotet spam campaigns have posed as invoices, despatch notices, purchase orders, and even information about Covid-19.
All of these spam emails contain malicious Word documents that are either attached to the email itself or downloaded by clicking a link in the email. As soon as a user opens one of these documents, they are prompted to “Enable Content” so that the malicious macros in the Word file are executed and the Emotet malware is installed on the victim’s computer.
To push unsuspecting users into enabling macros, Emotet spam campaigns use a number of different templates to create a sense of urgency. For example, a spam email might request that a user unsubscribe from an invoice or update their software, as is the case in this latest template.
Microsoft Word upgrade
In an effort to trick even more users, Emotet recently switched to a new template masquerading as a message from Microsoft Office urging users to update Word to add a new feature.
The subject of these new emails is “Upgrade your edition of Microsoft Word” and the body of the email is: “Upgrading your edition will add a new feature to Microsoft Word. Click Enable editing then click Turn on content.”
Once a user clicks the Enable Content button, the malicious macros will run and then Emotet will be downloaded and installed in a user’s Local App Data folder.
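For mail triage, the lure wording and the macro-bearing attachment described above can be checked together. The sketch below is an added example, not code from the article or from any vendor: the function names, the constructed sample message and the VBA detection heuristics (a `vbaProject.bin` entry in OOXML files, `Macros` or `_VBA_PROJECT` names in legacy OLE files) are assumptions chosen for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure strings quoted in the article; matching is case-insensitive.
LURE_SUBJECT = "upgrade your edition of microsoft word"
LURE_PHRASES = ("enable editing", "turn on content", "enable content")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container header
OLE_VBA_NAMES = [n.encode("utf-16-le") for n in ("Macros", "_VBA_PROJECT")]

def has_vba(data: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA macro project?"""
    if data.startswith(b"PK"):  # .docx/.docm are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):  # storage/stream names are UTF-16LE
        return any(name in data for name in OLE_VBA_NAMES)
    return False

def triage(raw_email: bytes) -> dict:
    """Report lure text and macro-bearing attachments in one raw message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part else ""
    return {
        "lure_subject": LURE_SUBJECT in str(msg["subject"] or "").lower(),
        "lure_phrases": [p for p in LURE_PHRASES if p in body],
        "macro_attachments": [a.get_filename() for a in msg.iter_attachments()
                              if has_vba(a.get_payload(decode=True) or b"")],
    }

def build_sample() -> bytes:
    """Constructed message: a harmless zip shaped like a macro-enabled .docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Upgrade your edition of Microsoft Word"
    msg.set_content("Click Enable editing then click Turn on content.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="upgrade.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that matches the lure wording and also carries a macro-enabled document is a strong candidate for quarantine; either signal alone is weaker, since legitimate documents can contain macros.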
What makes Emotet so dangerous is the fact that the malware is often used by cyber criminals to install other types of malware, including Trickbot and QBot, on a victim’s computer. Trickbot and QBot will then both attempt to steal passwords, bank details and other information stored on a user’s computer.
To avoid falling victim to Emotet spam campaigns, users should carefully check their email and avoid opening messages, and especially attachments, from unknown senders. Also, if a message seems too good to be true, it probably is, and any emails that evoke a sense of urgency should also be avoided at all costs.