
Emotet malware disguises itself with stolen email attachments — Over 500,000 infected emails per day


There's hardly a shortage of new malware floating around, but old malware doesn't just disappear completely either, and one piece of malware that got its start back in 2014 has resurfaced in a big way with a few new tricks up its sleeve.

Emotet was originally a banking trojan, but over the years has turned into a malware botnet that is mainly spread using spam emails. As reported by BleepingComputer, it has recently upped its game with an attachment stealer module that can extract attachments, email content and contact lists for use in future efforts (via TechRadar).

Using the stolen threads, the Emotet operators reply to an existing conversation, quoting the original messages and adding a malicious link or a Word or Excel attachment that carries macros, so the lure arrives inside a familiar thread where the recipient's guard is down. Once the macros are enabled, the document fetches and runs Emotet, which then infects the system and spreads to other devices on the network.

Emotet is also used as a loader for other malware: historically TrickBot and, in this campaign, exclusively QakBot. Both are older trojans that steal your information and in turn deliver further malware, including ransomware.

The latest spam run started on July 17, after the botnet had been dormant for most of the year. The emails are typically disguised as "payment reports, invoices, employment opportunities, and shipping information," according to researchers.

How to protect yourself against Emotet

There's no magic bullet for protecting against Emotet, but there are certainly some steps you can take to defend your device and network.

Keeping your operating system and applications (Office included) up to date with the latest patches is an easy preventive measure, and malware often relies on users failing to do so.

Obviously, be particularly careful with links and attachments. The quoted text will be lifted from a real earlier email, and the display name may match a contact you know, but the address that actually sends the message is usually not that contact's. Check the full sender address and its domain, not just the name, before clicking a link or opening an attachment.

Because Emotet's documents depend on macros to infect your system, you can protect yourself by keeping macros disabled. Office disables macros from untrusted documents by default, so the document itself tries to talk you into enabling them, typically with a decoy message claiming the file was created on another device or cannot be viewed until you click "Enable Editing" and then "Enable Content". Those buttons run the macro. Again, be wary, and check where any link or button is taking you before you click it.
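To make two points above concrete (the hijacked reply chain in the campaign description, and the advice to check the real sender address and to distrust macro-bearing Office attachments), here is a small triage script. It is an added example, not code from the article, BleepingComputer or TechRadar. It parses a constructed sample message (not a real Emotet capture) and flags a display name that hides a different sending address, a Reply-To pointing at a third domain, thread headers combined with such a sender anomaly, and an OOXML attachment containing a vbaProject.bin stream, which is where Office stores macros. The attachment's vbaProject.bin bytes are a constructed placeholder, not a real VBA project, and legacy OLE .doc/.xls files (a different container format) are not inspected.

```python
"""Triage an inbound message for the Emotet reply-chain lure: a hijacked thread
that arrives from a spoofed or unfamiliar sender with a macro-enabled Office attachment.
Added example; the sample message and the .docm are constructed, not captured."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OFFICE_EXTENSIONS = (".doc", ".docm", ".dotm", ".xls", ".xlsm", ".xlsb", ".xlam")
# OOXML (zip-based) Office files keep the VBA project as a stream inside the container.
VBA_STREAMS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def contains_vba_project(data: bytes) -> bool:
    """True when an OOXML Office file carries a VBA project (i.e. macros).
    Legacy OLE .doc/.xls files are not zip containers and are not inspected here."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return any(stream in names for stream in VBA_STREAMS)


def triage_message(raw: bytes) -> list[str]:
    """Return the reply-chain hijack indicators found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    # Lure pattern: the display name shows a known contact (often their address),
    # while the address that really sent the mail belongs to someone else.
    if "@" in display_name and display_name.strip().lower() != from_addr.lower():
        findings.append(f"display name '{display_name}' hides the real sender {from_addr}")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")
    # A reply header alone is normal; combined with a sender anomaly it is the hijacked-thread signature.
    if findings and (msg.get("In-Reply-To") or msg.get("References")):
        findings.append("thread continuation from an anomalous sender: likely hijacked reply chain")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(OFFICE_EXTENSIONS):
            continue
        findings.append(f"Office attachment: {name}")
        if contains_vba_project(part.get_payload(decode=True) or b""):
            findings.append(f"attachment {name} contains a VBA project (macros)")
    return findings


def build_sample_docm() -> bytes:
    """Constructed stand-in for a macro-enabled Word file: a zip with a vbaProject.bin stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # OLE magic followed by padding; a placeholder, not a real VBA project.
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)
    return buf.getvalue()


def build_sample_message(hijacked: bool = True) -> bytes:
    """Constructed sample. hijacked=True mimics the Emotet reply-chain lure; False is a normal reply."""
    msg = EmailMessage()
    if hijacked:
        msg["From"] = '"alice@corp.example" <invoice@unrelated-host.example>'
        msg["Reply-To"] = "alice.jones@another-host.example"
    else:
        msg["From"] = "Alice Jones <alice@corp.example>"
    msg["To"] = "bob@corp.example"
    msg["Subject"] = "RE: RE: payment report Q2"
    msg["In-Reply-To"] = "<original-thread-id@corp.example>"
    msg.set_content("Hi Bob,\n\nplease see the attached report.\n\n> Bob wrote:\n> thanks, sending the figures tomorrow\n")
    if hijacked:
        msg.add_attachment(build_sample_docm(), maintype="application",
                           subtype="vnd.ms-word.document.macroEnabled.12",
                           filename="payment_report_0717.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage_message(build_sample_message()):
        print("-", line)
```

Run it directly to print the findings for the constructed sample; for real mail, pass the raw message bytes to triage_message. The display-name check is a heuristic: legitimate senders occasionally put their address in the display name, so treat a hit as a reason to look closer, not as proof of compromise.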

And finally, if you are not using antivirus software already, you should definitely consider doing so; it will help to identify a problem before it becomes a catastrophe.