Emotet is a deadly botnet malware that came back to life after four months of inactivity. The malware targeted users around the world with malicious emails that were written in a financial tone and usually appeared to be a reply to a previous conversation. The emails then prompted users to click on malware-ridden files or infected attachments.
Now, Emotet has come up with a new spam campaign in which it disguises itself as a scanned copy of Edward Snowden’s recently released memoir “Permanent Record.” If the targeted user clicks on the attachment in the mail, they will be infected with Emotet and other malware.
Uncovered by security researchers at Malwarebytes, the new spam campaign has been spewing emails with malicious attachments in English, German, Italian, Spanish and French.
Once the target clicks on the attachment, a Microsoft Word window opens with the message “Word hasn’t been activated,” prompting users to click on the “Enable Content” button.
After the user clicks on the button, a PowerShell command is launched, which attempts to download the botnet malware from one of the three URLs embedded in the application.
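For defenders, the chain described above (Word document, “Enable Content,” PowerShell download) can be hunted in process-creation logs. The following is an added example, not code from the article or from Malwarebytes: it assumes events with hypothetical `pid`, `ppid`, `image` and `cmd` fields, assumes PowerShell runs as a descendant of Word, and uses constructed sample events with placeholder `.example` hosts.

```python
import base64
import re

OFFICE = {"winword.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...).
ENC_ARG = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
URL = re.compile(r"https?://[^\s'\",]+", re.I)

def _name(image):
    return image.lower().rsplit("\\", 1)[-1]

def _encode(script):  # builds the constructed sample only (UTF-16LE + Base64)
    return base64.b64encode(script.encode("utf-16-le")).decode()

def decoded_text(cmd):
    """Command line plus the decoded -EncodedCommand payload, if any."""
    m = ENC_ARG.search(cmd)
    if not m:
        return cmd
    try:
        return cmd + " " + base64.b64decode(m.group(1)).decode("utf-16-le", "ignore")
    except ValueError:  # malformed Base64: fall back to the raw command line
        return cmd

def has_office_ancestor(event, by_pid):
    seen = set()  # guards against loops caused by PID reuse in the log
    while event and event["pid"] not in seen:
        seen.add(event["pid"])
        event = by_pid.get(event["ppid"])
        if event and _name(event["image"]) in OFFICE:
            return True
    return False

def find_suspicious(events):
    by_pid = {e["pid"]: e for e in events}
    return [{"pid": e["pid"], "urls": URL.findall(decoded_text(e["cmd"]))}
            for e in events
            if _name(e["image"]) in POWERSHELL and has_office_ancestor(e, by_pid)]

# Constructed sample events; field names and .example hosts are assumptions.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SCRIPT = "$u='http://one.example/a,http://two.example/b,http://three.example/c'.Split(',')"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Office\WINWORD.EXE", "cmd": "WINWORD.EXE /n scan.doc"},
    {"pid": 300, "ppid": 200, "image": PS, "cmd": "powershell -w hidden -enc " + _encode(SCRIPT)},
    {"pid": 400, "ppid": 100, "image": PS, "cmd": "powershell Get-ChildItem"},
]
```

Calling `find_suspicious(SAMPLE_EVENTS)` flags only PID 300 and lists the three decoded URLs, which can then be fed to a proxy or DNS blocklist. A launch brokered through another system service would not show Word in the parent chain, so this check is one signal rather than complete coverage.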
Once downloaded, the trojan works discreetly in the background and slows down the performance of your system by downloading other malware. Emotet is known to hijack your email credentials and send malicious emails to people from your contact list.
As a precautionary measure, we advise our readers to be wary of suspicious emails, especially those pointing to an attachment containing Edward Snowden’s memoir.