After a hiatus beginning in February, Emotet malware attacks have picked up traction again through email spam campaigns, according to a recent Bank Info Security report.
Emotet operates by either downloading or dropping malware onto a computer or network. The malware, typically spread through malicious email attachments, allows hackers to attempt to proliferate throughout a network with user credentials and writing to shared drives.
Five things to know:
1. Security firm Proofpoint on July 13 detected a new Emotet spam campaign targeting victims in both the U.S. and U.K., according to the report. Proofpoint identified about 30,000 spam messages associated with the Emotet campaign.
2. In January, IBM researchers discovered Emotet operators using COVID-19-themed phishing emails to spread Trojans and other malware. Proofpoint last detected Emotet on Feb. 7.
3. The new Emotet campaign begins with phishing emails sent out to as many potential victims as possible. The messages is usually one line of text that asks the recipient to open a malicious Word document attached to the email called "electronic.form."
4. If the user opens the attached document, malicious macros are enabled that attempt to download the Emotet malware. If the hack is successful, the unauthorized user can apply Emotet to access sensitive information such as financial data.
5. It's unclear why Emotet took a break from spam campaigning, said Jerome Segura, threat intelligence director of security firm Malwarebyters, according to the report. "Emotet, like other criminal gangs, have had 'down time' before, but typically surrounding specific holidays. It's unclear why they went on such an extended break, in particular before the [COVID-19] pandemic had even started."