May 22, 2024

Attention! Emotet malware is active again

Emotet is back: this very dangerous malware, which has been active since 2018, has recently been appearing frequently as an email attachment. After law enforcement agencies dealt a significant blow to the malware's infrastructure about two years ago, Emotet had been somewhat quieter, Heise reports. However, after longer periods of downtime and erratic activity, which is not typical for it, the Trojan's circulation is now increasing.

Emotet disguised as Microsoft OneNote in email archives

IT security professionals at cybersecurity firm Cofense reported new ransomware activity about two weeks ago. The malware is said to find its way from inboxes to home devices in a particularly insidious way: “Malicious emails appear to reply to existing email threads, with the addition of a zip file,” according to the Cofense blog. The email attachments deal with finances and billing.

To convince users to download the attachment, the criminals now rely on Microsoft OneNote, a service for organizing notes. To open the supposedly protected file, the recipient of the message must first double-click the View button. These clicks start an embedded script that downloads Emotet as a .dll file and then runs it with regsvr32.exe on the affected device.

Microsoft is said to be already working on a fix for this vulnerability.
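The chain described above (OneNote, an embedded script, then regsvr32.exe loading a downloaded .dll) leaves a recognizable process ancestry that defenders can look for in process-creation logs. The following Python is an added example, not code from Cofense or Heise; the event fields, PIDs, file paths and the wscript.exe script host are constructed assumptions.

```python
import ntpath

# Constructed process-creation events (Sysmon Event ID 1 style); paths, PIDs and
# the wscript.exe script host are assumptions, not values from the article.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 210, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE",
     "cmdline": r'ONENOTE.EXE "C:\Users\alice\Downloads\invoice.one"'},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\click.wsf"'},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\Temp\rad1.dll"'},
    # Benign contrast: regsvr32.exe started by hand from a command prompt.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Windows\System32\msxml6.dll"},
]

def image_name(event):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Executable names of the parent chain, nearest parent first."""
    chain, seen = [], set()
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:  # guard against loops
        seen.add(parent["pid"])
        chain.append(image_name(parent))
        parent = by_pid.get(parent["ppid"])
    return chain

def find_onenote_regsvr32(events):
    """Return regsvr32.exe launches that have OneNote anywhere in their ancestry."""
    # PIDs are reused on real hosts; production logic should key on process GUIDs.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e) == "regsvr32.exe":
            chain = ancestors(e, by_pid)
            if "onenote.exe" in chain:
                hits.append({"pid": e["pid"], "cmdline": e["cmdline"], "chain": chain})
    return hits

if __name__ == "__main__":
    for hit in find_onenote_regsvr32(SAMPLE_EVENTS):
        print(hit["pid"], " <- ".join(["regsvr32.exe"] + hit["chain"]), hit["cmdline"])
```

Matching on ancestry rather than on the direct parent keeps the rule independent of which script host sits between OneNote and regsvr32.exe.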
