Emotet Rises Again: Evades Macro Security via OneNote Attachments
2023-03-20 05:51

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems.

A derivative of the Cridex banking worm - which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 - Emotet has evolved into a "monetized platform for other threat actors to run malicious campaigns on a pay-per-install model, allowing theft of sensitive data and ransom extortion."

While Emotet infections have acted as a conduit to deliver Cobalt Strike, IcedID, Qakbot, Quantum ransomware, and TrickBot, its return in late 2021 was facilitated by means of TrickBot.

With Microsoft taking steps to block macros in downloaded Office files, OneNote attachments have emerged as an appealing alternative pathway.

"The OneNote file is simple but yet effective at social engineering users with a fake notification stating that the document is protected," Malwarebytes disclosed in a new alert.

The Windows Script File is engineered to retrieve and execute the Emotet binary payload from a remote server.
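
As an added example (not from the original article or from Malwarebytes), here is a minimal attachment triage in Python that flags OneNote files carrying an embedded script, the delivery method described above. The two GUIDs come from Microsoft's published MS-ONESTORE format; the marker list, function names and sample bytes are assumptions constructed for illustration.

```python
import re
import struct
import uuid

# GUIDs from the MS-ONESTORE format, in their on-disk byte order.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
# Heuristic script markers (assumed list, tune for your environment).
SCRIPT_MARKERS = re.compile(rb"<job\b|<script\b|WScript\.|CreateObject", re.I)


def embedded_objects(data: bytes):
    """Yield (offset, payload) for each FileDataStoreObject in a .one blob."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        # Layout: header GUID (16), cbLength (8), unused (4), reserved (8), data.
        if pos + 36 > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + 36
        length = min(length, len(data) - start)  # clip a truncated/corrupt length
        yield pos, data[start:start + length]
        pos = data.find(FDSO_HEADER, start + length)


def triage_onenote(data: bytes):
    """Return findings for one attachment; an empty list means nothing flagged."""
    if data[:16] != ONE_MAGIC:
        return []  # not a OneNote section file
    findings = []
    for offset, payload in embedded_objects(data):
        # Scripts may be stored as UTF-16, so test a narrowed copy as well.
        utf16 = payload.decode("utf-16-le", "ignore").encode("ascii", "ignore")
        if SCRIPT_MARKERS.search(payload) or SCRIPT_MARKERS.search(utf16):
            findings.append((offset, len(payload), "embedded script"))
    return findings


def build_sample(payload: bytes) -> bytes:
    """Constructed input: OneNote magic plus one embedded object, not a full .one file."""
    obj = FDSO_HEADER + struct.pack("<QI8x", len(payload), 0) + payload
    return ONE_MAGIC + b"\x00" * 1008 + obj


BENIGN_WSF = b'<job><script language="VBScript">WScript.Echo "test"</script></job>'
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
```

A hit is a reason to quarantine the attachment for review, not a verdict: legitimate notebooks can embed files too, so pair this with mail-gateway policy on `.one` attachments.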


News URL

https://thehackernews.com/2023/03/emotet-rises-again-evades-macro.html