iGuRu
Now Reading
Emotet: prompts you to upgrade Word
iGuRu

Emotet: prompts you to upgrade Word

Emotet botnet has started using a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Word.

Emotet is malware that spreads through spam emails that contain malicious Word or Excel documents. These documents use macros to download and install Emotet Trojan on the victim's computer. The trojan uses the computer to send spam and eventually leads to a ransomware attack on the victim's network.

After a brief hiatus, the malware Emotet returned to service on October 14 and began sending malicious spam content worldwide.

These unwanted campaigns pretend to be invoices, shipping information, COVID-19 information, President Trump's health information, CVs, or purchase orders.

These junk e-mail attachments include malicious Word (.doc) attachments or download links.

When opened, these attachments will prompt the user to "Enable Content" to run malicious macros that will install the malicious Emotet software on the computer.emotet screenshot - Emotet: asks you to upgrade Word

Upon its return, Emotet released a new template that pretends to be a message from Windows Update stating that Microsoft Word should be updated before viewing the document.ezgif 3 bbde5d88bd82 - Emotet: prompts you to upgrade Word

To update Word, the message tells the user to click the Enable Editing and Enable Content buttons, which will trigger malicious macros,

These malicious macros will download and install the malicious Emotet software onto the victim's computer, as shown below.

Screenshot 2020 10 19 07 22 13 - Emotet: asks you to upgrade Word

Emotet is now considered to be the most common malware. It is also particularly dangerous as it installs other malicious programs such as Trickbot and QBot on the victim's computer.

While TrickBot and QBot have their own malicious activity, such as stealing passwords, banking information and various other information, they also often lead to ransomware Conti (TrickBot) or ProLock (QBot) ransomware attacks.

So it is vital that you recognize the malicious document templates used by Emotet so that you do not accidentally become infected.

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News

View Comments (0)

Leave a Reply

Your email address Will not be published.

 

iGuRu.gr © 2012 - 2021 Keep it Simple Stupid Custom Theme

Scroll To Top