Emotet began life as a banking Trojan back in 2014 but has since evolved into something much worse — a self-propagating platform that can deploy multiple exploits and spam campaigns.
The number one malware threat today, Emotet usually takes a break during the summer months while the developers behind it work to add new features and capabilities, and now it’s back with a new ‘Windows Update’ attachment.
Emotet is spread through phishing and spam emails and via malicious links and attachments. As reported by Bleeping Computer, the botnet now comes with a malicious attachment claiming to be from Windows Update.
The convincing message explains that some apps need to be updated in order to open a ‘document’ attached to the email. If a user follows the instructions, malicious macros will be enabled, and these will install Emotet on the computer, and in turn could lead to the installation of other threats, such as Trickbot, QBot, and ransomware like Ryuk.
Emotet is so successful because it’s forever evolving, gaining new features, and there are usually no signs of infection until it’s too late. Emotet can even spot when it’s being run in a virtual machine and lay dormant in a bid to thwart anti-malware developers.
To avoid it, never open email attachments unless you know what they are (Emotet can make it appear as if the message is coming from one of your contacts if they’ve been infected), never enable macros in Word, and make sure you’re running a decent, up-to-date anti-malware program.