A new variant of the Emotet banking malware has been discovered by the cybersecurity company Darktrace: it differs only slightly from the previous ones, but it is just as dangerous.
The wolf sheds its coat but not its habits
Emotet, a very dangerous piece of malware that steals online home-banking credentials, is back with a new and very sophisticated phishing campaign. No Emotet attacks had been recorded for five months, but Darktrace has now detected it in circulation again.
As in the past, the phishing campaign used to deliver the malware is aimed above all at company e-mail addresses. The new messages carry a Word attachment containing a macro that runs code and starts the infection. The mechanism is slightly different from the one used before and, for this reason, Emotet is now able to evade "static" antivirus products that rely on fixed rules and lists of already known malware.
It is not the first time since its appearance in 2014 that Emotet has changed its face to evade the checks of the most popular security suites, as the cybersecurity company that identified it once again recalls.
How Emotet works in online banking
This variant of Emotet is also delivered through a phishing e-mail built on sophisticated social engineering techniques. The message is well written, contains no errors, and looks like a genuine message sent by a partner company or by another division of the targeted company itself.
If the user falls for it and opens the attachment, Word asks them to enable macros because the document contains one. Once macros are enabled, PowerShell commands are executed that download the malware to the computer and start the infection. If the computer is connected to a network, Emotet then begins to spread to the affected user's contacts.
The purpose of the malware, however, remains the same: to access user data in search of credentials and other sensitive information, especially online banking accounts.
How to defend yourself from Emotet phishing e-mails
The first step in defending against Emotet is to break the chain of transmission, so do not take the phishing bait. Examining e-mails very carefully before downloading an attachment is essential. It is then certainly necessary to have an excellent antivirus installed, with e-mail scanning that covers attachments.
That way, even if the user bites and downloads the attachment, the antivirus blocks the operation after scanning the file and finding traces of the macro that downloads the malware. Finally, since this is a malware that targets businesses above all, it is useful for the entire network infrastructure to be protected centrally, and not just the individual PCs used by employees.
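The attachment check described above, as an added illustration that is not part of the original article or of any Darktrace product: an OOXML Word file is a zip archive, and one that carries VBA macros contains a vbaProject.bin part, so a mail gateway can flag such attachments before a user is ever asked to enable macros. The sample documents are constructed in memory and are not real Office files; the function and file names are hypothetical.

```python
import io
import zipfile

# Parts that an OOXML Office file contains only when it carries VBA macros.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that are not supposed to carry a macro project at all.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return what a mail-gateway check wants to know about an Office attachment."""
    result = {"filename": filename, "is_ooxml": False, "has_macro": False,
              "reasons": [], "verdict": "allow"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # not a zip container, so not an OOXML document
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return result  # a zip archive, but not an Office document
    result["is_ooxml"] = True
    result["has_macro"] = any(part in names for part in MACRO_PARTS)
    if result["has_macro"]:
        result["reasons"].append("attachment contains a VBA macro project")
        if filename.lower().endswith(MACRO_FREE_EXTENSIONS):
            # A macro project inside a .docx-style name is a mismatch worth noting.
            result["reasons"].append("macro project inside a macro-free extension")
        result["verdict"] = "quarantine"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-shaped archive for offline testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in (("invoice.docm", build_sample(True)),
                      ("invoice.docx", build_sample(True)),
                      ("report.docx", build_sample(False))):
        print(inspect_attachment(name, doc))
```

A real gateway would also apply this to attachments nested in archives and hand quarantined files to a sandbox, since the presence of a macro alone does not prove malice.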