Emotet is malware that typically spreads through email messages containing Word documents with malicious macros. Some of the email lures are actual messages with a reply chain history and other attachments, all stolen from other victims. When a victim opens one of these documents, it tries to trick them into enabling the active content so that Emotet can be downloaded and installed on the computer. Once installed, Emotet will use the infected computer to send spam emails and ultimately install other malware packages that could lead to ransomware attacks on the victim’s network.

Emotet has used a variety of lures to trick victims into opening such an attachment, such as fake invoices, shipping notices, resumes, purchase orders, or even COVID-19 information. This week Emotet has switched to a new trick, pretending to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature. The malicious document instructs the user to click the “Enable Editing” button and then the “Enable Content” button, which will cause the malicious macros to execute.
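For defenders, the combination described above (a macro-bearing Word attachment whose text tells the reader to click “Enable Editing” and “Enable Content”) can be checked at a mail gateway or during triage. The following is an added example, not code from the article: it assumes the attachment is a ZIP-based Office file (such as .docm) and that the lure wording is present as text rather than as an image; `build_sample`, `triage` and the verdict names are hypothetical.

```python
import io
import re
import zipfile

LURE_PHRASES = ("enable editing", "enable content")  # wording quoted in the article
MAX_PART_SIZE = 5 * 1024 * 1024  # skip oversized parts (decompression-bomb guard)

def build_sample(with_macro: bool, body_xml: str) -> bytes:
    """Build a constructed, harmless OOXML-like container in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml",
                   f"<w:body><w:p><w:r><w:t>{body_xml}</w:t></w:r></w:p></w:body>")
        if with_macro:
            # Placeholder bytes only: the check looks at the part name.
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def triage(data: bytes) -> dict:
    """Return macro and lure findings plus a verdict for one attachment."""
    result = {"has_macros": False, "lure_phrases": [], "verdict": "unsupported"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy binary .doc needs an OLE parser, not handled here
    squashed = ""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                result["has_macros"] = True
            elif (name.startswith("word/") and name.endswith(".xml")
                  and info.file_size <= MAX_PART_SIZE):
                xml = z.read(info).decode("utf-8", "replace")
                # Drop tags and all whitespace so text split across runs still matches.
                squashed += re.sub(r"\s+", "", re.sub(r"<[^>]+>", "", xml)).lower()
    result["lure_phrases"] = [p for p in LURE_PHRASES if p.replace(" ", "") in squashed]
    if result["has_macros"] and result["lure_phrases"]:
        result["verdict"] = "quarantine"  # macros plus enable-content instructions
    elif result["has_macros"]:
        result["verdict"] = "review"      # macros alone still merit a look
    else:
        result["verdict"] = "pass"
    return result

if __name__ == "__main__":
    lure = build_sample(True, "Click Enable</w:t></w:r><w:r><w:t> Editing, then Enable Content")
    print(triage(lure))
```

A `pass` verdict only means this one heuristic did not fire; lure text rendered as an image or a legacy .doc file is outside what the check covers.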
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in