Emotet Trojan Evolves Since Being Reawakened, Here is What We Know

by Fnord666 from SoylentNews on (#4QZG2)

"exec" writes:

Arthur T Knackerbracket has found the following story:

With the reawakening of the Emotet botnet, the distribution methods, payloads, malicious document templates, and email templates continue to evolve. This article will go over some of the changes that have been observed by various security researchers over the past couple of days.

After months of inactivity, Emotet came back to life on Monday as it started churning out spam emails that push malicious attachments to unsuspecting users. While formerly a banking Trojan that would steal login credentials, the Emotet Trojan is now used as a distribution vehicle for other malware.

After only a few days, researchers have already started to see Emotet split into different distributions and employ new document templates designed to further trick users into enabling malicious Word macros.

When the Emotet botnet came back to life again, it was using a malicious Word document template that asked you to "Accept the license agreement" by clicking on the "Enable Content" button. Doing so would enable macros embedded in the document that would then install the Emotet Trojan on the recipient's computer.

As seen by Microsoft and security researchers such as JamesWT, Joseph Roosen, Brad Duncan, ps66uk, and others, Emotet has changed its malicious document template to use a new "Protected View" lure. This lure tells the potential victims that the "action can't be completed because the file is open in Protected View. Some active content has been disabled. Click Enable Editing and Enable Content."

-- submitted from IRC
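Both lures described in the story depend on the same two things: a Word document that carries a VBA project, and body text nudging the reader to click "Enable Editing" / "Enable Content". The following triage script is an added example (not from the story or any vendor tool) that checks an Office Open XML file for a `word/vbaProject.bin` part and for the lure phrases quoted above; the `LURE_PATTERNS` list, the `triage_docx` and `build_sample` names, and the minimal in-memory sample documents are assumptions constructed for this demonstration.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

# Lure phrases quoted in the story (assumption: matched case-insensitively in the
# body text; real templates often render the lure as an image, so the macro part
# is the stronger signal and text matches are only corroboration).
LURE_PATTERNS = [
    r"accept the license agreement",
    r"open in protected view",
    r"enable editing",
    r"enable content",
]
WORD_NS = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def document_text(zf: zipfile.ZipFile) -> str:
    """Concatenate all <w:t> runs from word/document.xml (empty if absent)."""
    if "word/document.xml" not in zf.namelist():
        return ""
    root = ET.fromstring(zf.read("word/document.xml"))
    return " ".join(t.text or "" for t in root.iter(WORD_NS + "t"))

def triage_docx(data: bytes) -> dict:
    """Report VBA-project presence and matched lure phrases for an OOXML file."""
    if not data.startswith(b"PK"):
        # Legacy .doc is an OLE2 container, not a zip; flag it for a separate parser.
        return {"ooxml": False, "has_macros": None, "lures": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        has_macros = "word/vbaProject.bin" in zf.namelist()
        text = document_text(zf).lower()
        lures = [p for p in LURE_PATTERNS if re.search(p, text)]
    return {"ooxml": True, "has_macros": has_macros, "lures": lures}

def build_sample(with_macro: bool, body: str) -> bytes:
    """Constructed minimal OOXML-shaped zip for offline testing (not a real Word file)."""
    doc = (f'<w:document xmlns:w="{WORD_NS[1:-1]}"><w:body><w:p>'
           f'<w:r><w:t>{body}</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    lure = "This file is open in Protected View. Click Enable Editing and Enable Content."
    print(triage_docx(build_sample(True, lure)))
```

A document that has both a VBA project and one of these phrases is the combination worth quarantining for analyst review; a macro-free document that merely mentions "Enable Content" is a much weaker signal.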
