Malicious invoice emails compromises computers
Emotet Malware Resurfaces with Macro Workaround
Cybersecurity forms have recently reported a new wave of infection cases worldwide from Emotet, a banking trojan developed in 2015.
While the original Emotet was a Trojan focused on monitoring traffic for Austrian banks, in subsequent years the malware evolved rapidly, developing a focus on abusing Microsoft Office macros to infect machines via Word and Excel documents. A notable infection froze the municipal systems of Allentown PA in 2018, the malware caused over 1 million USD in damages as it rapidly spread through email chains, stealing personal details while posing as city staff.
The current iteration of Emotet has evolved from Microsoft disabling macros, by emailing users posing as financial institutions with outstanding invoices or payments. Within the emails are infected Excel or Word documents disguised as archives with a password attached. Once open, the documents request for the user to place the file within an Office root directory as a security policy. By running the infected document within the root directory, this downloads Emotet from a compromised WordPress site.
Once the malware has been installed on your machine, it will install additional malware such as IcedID, which sends personal files to remote servers, and Bumblebee, a loader that executes ransomware such as Cobalt Strike or Silver. Emotet’s delivery system is dangerous as it not only opens the door for stronger malware, but also evades the patched solution given by Microsoft earlier this year. Emotet is expected to surge around the Holiday season, as a weaponized variant containing a ransomware payload historically appears around this time.
IT professionals in response have recommended for users to be wary of emails with unprompted Office documents, especially if they appear as financial documents. If a computer has been infected with Emotet the device should be removed from the network immediately, as the malware attempts to spread through email chains posing as the user. While most antivirus software can detect Emotet, it is recommended for businesses to raise awareness of common Emotet email templates, and to enact Two Factor Authentication to minimize the risk of hijacking and personal data loss.
Contact us to find out more about secure email filtering to reduce the number of spam emails that make it to your mailbox.