How the new campaign of the dangerous malware Emotet works

Emotet is considered one of the most important cyber threats. It has returned with new campaigns that put users' security at risk. After a 10-month hiatus, it is back with new strategies for attacking devices. We will explain how it works and how to protect ourselves from these spam campaigns that arrive by email.

Malicious email attachments


This type of threat works through malicious attachments that are sent to the victim via email. The goal is for the victim to open that email and download the file, which is actually the malware. The attachments carry malicious macros or JavaScript; when opened, they download the Emotet DLL and load it onto the computer via PowerShell.

When this malware runs, the first thing it does is search for all kinds of emails and steal them, so that it can carry out more spam campaigns and reach more victims. In addition, other malware such as TrickBot or Qbot will also sneak into the system, which can lead to ransomware attacks.

Ransomware attacks are undoubtedly one of the biggest problems today. The attacker's aim is to encrypt the victim's computer. In return, the attacker demands a financial ransom to release the files or to let the victim access the computer again.

But what are those attachments usually? Generally, the Emotet botnet uses Word, Excel or ZIP files, and they are usually password protected. This is a phishing attack, since it uses bait so that the victim ends up clicking and downloading something.

These phishing emails arrive in a chain. That is, the attackers get hold of a large number of email addresses and send the malware to many recipients. They usually use baits such as a supposedly canceled meeting, a problem with a service, an order that has not been sent correctly, etc.: anything that catches the victim's attention and gets them to click.

Once you enable editing of a file, the payload automatically runs. That’s when the Emotet malware really starts to kick in.
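The attachment traits described above (Word, Excel or ZIP files, often password protected, carrying macros or JavaScript) can be checked before a file ever reaches a user. The following is an added example, not code from the original article: a mail-filter style triage function, where the function names, finding labels and sample files are all assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
RISKY_MEMBERS = (".js", ".doc", ".docm", ".xls", ".xlsm")

def triage_attachment(data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    if data.startswith(OLE_MAGIC):
        return ["legacy-office-container"]       # may hold macros, scan further
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    names = [i.filename.lower() for i in infos]
    findings = []
    # Bit 0 of the general-purpose flag marks a password-protected member.
    if any(i.flag_bits & 0x1 for i in infos):
        findings.append("password-protected-zip")
    # OOXML files (docm, xlsm, ...) are ZIPs that keep VBA in vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        findings.append("office-macros")
    # A plain archive (no OOXML manifest) that wraps a script or document.
    if "[content_types].xml" not in names and any(n.endswith(RISKY_MEMBERS) for n in names):
        findings.append("archive-wraps-script-or-document")
    return findings

def build_zip(members: dict[str, bytes], mark_encrypted: bool = False) -> bytes:
    """Constructed sample input; harmless placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, body in members.items():
            zf.writestr(member, body)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Set the encryption flag in the first central-directory entry by hand
        # (flags sit 8 bytes into the record); the body is not really encrypted.
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

SAMPLES = {  # constructed attachments, named after the baits mentioned above
    "meeting_cancelled.docm": build_zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"x"}),
    "order.zip": build_zip({"order.doc": b"x"}, mark_encrypted=True),
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage_attachment(blob))
```

A password-protected archive cannot be opened by the scanner, which is why the encryption flag is treated as a finding in its own right rather than as a reason to skip the file.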


How to protect ourselves from Emotet

What can we do to protect ourselves from Emotet and prevent our computer from being infected with malware? The first and most important thing is common sense. We must avoid clicking on any link or downloading any attachment that reaches us without really knowing where it came from.

In addition, to prevent our email address from ending up in a spam campaign of this type, it is important that we do not make the address public in open forums or on websites where bots or any intruder can access it.

On the other hand, keeping equipment up to date and safe is always going to be very important. We must have a good antivirus to protect us. There are many options, such as Windows Defender, Avast, Bitdefender or any other. We should also have the latest versions of the system installed, so that any vulnerabilities that may exist are corrected. You can check if your computer is affected by Emotet.

In short, Emotet is back with new spam campaigns that can put our security at risk. It is essential to be protected and not make any kind of mistake.