Fake Coronavirus Messages Spreading Emotet Infections

2020-01-31 16:18

Cybercriminals are using fake email messages about the coronavirus to spead the Emotet Trojan as well as other malware, according to reports released this week by IBM and Kaspersky.

The cybercriminals spreading the Emotet Trojan apparently are attempting to target regions closer to China, where the coronavirus originated, but it's likely that their tactics will shift to other countries in the coming weeks, according to IBM. "We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads," the IBM researchers say.

Each of these emails contains an attached Word document, which is portrayed as offering updates and health information, according to IBM. If the file attachment is opened and Office 365 macros enabled an obfuscated VBA macro script begins running in the background, which then installs a Powershell script and downloads the Emotet Trojan, according to IBM. "Previously, Japanese Emotet emails have been focused on corporate-style payment notifications and invoices, following a similar strategy as emails targeting European victims. This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it," the X-Force report says.

Once the malware is downloaded, Emotet uses the infected system to send out additional phishing emails and spam in an effort to grow the botnet, according to researchers at Cofense.

Emotet attackers have also previously used emails about topics in the news to spread the malware as well.

News URL

https://www.inforisktoday.com/fake-coronavirus-messages-spreading-emotet-infections-a-13675

#coronavirus