Emotet malware infects users again after fixing broken installer
2022-04-25 20:28

The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.

Last Friday, the Emotet malware distributors launched a new email campaign that included password-protected ZIP file attachments containing Windows LNK files pretending to be Word documents.

Lnk file did not exist, and thus the VBS file was not created, as explained by the Emotet research group Cryptolaemus.

Emotet Update - As of the last few hours Ivan is running some tests on E4 to try to bypass detection by appending a VBS at the end of an LNK file in a zip.

Emotet fixed the bug today and, once again, started spamming users with malicious emails containing password-protected zip files and shortcut attachments.

These shortcuts now reference the correct filenames when the command is executed, allowing the VBS files to be created correctly and the Emotet malware to be downloaded and installed on victims' devices.
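A defender-side check for the pattern in the Cryptolaemus note above (script text appended to the end of an LNK file), given here as an added example that is not code from the article or the researchers. It walks the shell link layout from the public MS-SHLLINK format and returns any bytes left after the terminal block; `lnk_trailing_data` and `build_sample` are hypothetical names, and the sample file is constructed.

```python
import struct

# LinkFlags bits from the MS-SHLLINK format
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = (0x04, 0x08, 0x10, 0x20, 0x40)  # name, relative path, working dir, arguments, icon
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def lnk_trailing_data(data: bytes) -> bytes:
    """Return whatever follows the terminal ExtraData block of a shell link."""
    try:
        if struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
            raise ValueError("not a shell link")
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 76  # fixed-size ShellLinkHeader
        if flags & HAS_IDLIST:
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:
            pos += struct.unpack_from("<I", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        for bit in STRING_FLAGS:
            if flags & bit:  # CountCharacters, then that many characters
                pos += 2 + struct.unpack_from("<H", data, pos)[0] * width
        while pos < len(data):  # ExtraData blocks end at a BlockSize below 4
            size = struct.unpack_from("<I", data, pos)[0]
            if size < 4:
                return data[pos + 4:]
            pos += size
        if pos > len(data):
            raise ValueError("structure runs past end of file")
        return b""
    except struct.error:
        raise ValueError("truncated or malformed shell link") from None

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed minimal shell link: header, one arguments string, terminal block."""
    args = "constructed-arguments"
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x20 | IS_UNICODE).ljust(76, b"\0")
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header + strings + b"\0\0\0\0" + appended
```

A non-empty return value on a `.lnk` attachment means the file carries data the shell link format does not account for, which is worth flagging for review.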


News URL

https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/