Those declared dead live longer: This also applies to Emotet. According to ESET researchers, the malware is back in full force, as the first four months of this year show. But even the good guys are fighting back: Microsoft is tightening the security of macros. Will Emotet survive this too?
One of the most important findings from the ESET Threat Report Q1 2022 is that the Emotet botnet has risen like a phoenix from the ashes. Huge amounts of spam emerged in March and April 2022, hundreds of times more in the first four months of 2022 compared to the last four months of 2021. Most affected were Word documents polluted with infected macros.
As Microsoft has tightened the default handling of files with macros, it won't be possible to get recipients to click "activate content" for much longer. What does this mean for Emotet? Could this threat, considered one of the most widespread and long-lived, now be forgotten? Just months after the botnet was dismantled by law enforcement and hailed as a milestone against organized cybercrime? That could prove to be a fallacy, as Emotet operators are not known for resting on their laurels.
Emotet shifts techniques
Emotet detections in ESET telemetry (Image: ESET).
Between April 26 and May 2, 2022, ESET researchers discovered one test campaign the Emotet operator, where they replaced the typical Microsoft Word document with a link file (LNK) as a malicious attachment. Double-clicking a shortcut file can launch a target resource, in this case a PowerShell script that downloads and runs Emotet: Most Discoveries were in Japan (28%), Italy (16%) and Mexico (11%).
In a previous test campaign between April 4th and 19th, the Emotet operators lured their victims with a ZIP archive stored on OneDrive. This contained Microsoft Excel Add-in (XLL) files that can be used to add custom functions to Excel. When these files were extracted and downloaded, they ran Emotet.
ESET offers an extended analysis of the current Emotet techniques in a blog post.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.