In brief: The notorious Emotet malware campaign is causing misery once again. This time, the infection is being delivered via email that claims to be from 'Windows Update', telling users to upgrade their copy of Microsoft Word.
As per Bleeping Computer, the malware is delivered through spam emails containing either malicious Word or Excel documents or download links. When opened, the attachments prompt users to ‘Enable Content’ to allow macros to run, which install the Emotet trojan.
Readers of this site are going to recognize malicious emails such as these, but less tech-savvy users could easily be fooled. To trick people into enabling the macros, Emotet uses different document templates, such as claiming to be created on iOS, Windows 10 Mobile, and older versions of Office, or being a protected document.
CERT-EE warns! If you receive an email which looks like as if it is sent by a trusted source and it contains a .doc file, please do not open the attached file. It contains currently widely distributed Emotet malware! pic.twitter.com/7FAKwX8JUb— CERT Estonia (@CERT_EE) October 15, 2020
We’ve seen Emotet use several approaches in its attempts to convince victims its emails are on the level. A malicious campaign last year used the name of activist Greta Thunberg along with a fake invitation from her to join a climate change protest.
Earlier this year, Emotet exploited coronavirus fears by sending out loaded emails offering information on how to protect against Covid-19. We recently saw the virus utilized in another campaign, one that featured a document claiming to contain information on Donald Trump's health after he tested positive.
Emotet campaigns have also used emails disguised as volunteering opportunities within the Democratic Party, payment reports, Covid-19 alerts, shipping data, and job opportunities.
Malware Trends Tracker names Emotet as the most widely spread piece of malware in the world. It was initially just a banking Trojan when first recorded in 2014 but has evolved so that it now downloads and installs other malware, including TrickBot, QBot, and ransomware, while sending out more malicious emails from the infected machine. Emotet, which can spread using local networks, is also very difficult to detect and remove.