Emotet is a malware that is spread through spam emails. These emails contain malicious Word or Excel document attachments.
Analysts notice that the Emotet malwares new method is designed to trick users into enabling macros to download and install the Emotet Trojan.This is done by pretending to be a message from Windows Update stating that the Microsoft Word application needs to be updated before the attached document can be viewed. After tricking the user, the malware then uses the victims computer to send spam emails.
How does it work
The malware works by first sending spam emails that contain either a Word document attachment or a download link to victims. They will then be prompted to enable content that allows macros to run on their device. Once installed, the malware then tries to steal sensitive data, which acts like a worm spreading to other devices. It keeps updating the way it delivers these malicious attachments and the appearance changes as well, such attachments are the email subject and the body of the message. It is always updating or changing itself to avoid being detected by anti-malware programs. Emotet can also be used to deliver other malicious code, such as Trickbot and QBot Trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).
Tips to protect yourself from Emotet:
The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.