Emotet malware to spam COVID19-themed emails to U.S. businesses
The Emotet malware has begun spamming COVID-19-related emails to U.S. businesses after being inactive for most of the pandemic in the USA.
Before going dark on Feb 7th, 2020, Emotet commonly sent COVID-19-themed spam to distribute malware in other countries already affected by the pandemic.
According to BleepingComputer, in the recent campaign Emotet is saved to the %UserProfile% folder and named as a three-digit number (e.g. 498.exe). Once it has infected a system, it will be used to send out further spam emails and to download additional payloads, like TrickBot or Qbot.
In a conversation with Emotet expert Joseph Roosen, BleepingComputer was told that other COVID-19 campaigns have recently been seen using reply-chain emails.
“So far we have only seen it as part of stolen reply chain emails. We have not seen it as a generic template yet but I am sure it is just around the corner hehe. There was one reply chain I saw yesterday that was sent to 100s of addresses that was referring to the closing of an organization because of covid-19. I would not be surprised if Ivan is filtering some of those reply chains to focus on ones that are involving covid-19,” Roosen told BleepingComputer. Ivan is Roosen’s nickname for the Russian Emotet-malware operators.
Email security firm Cofense also told BleepingComputer that they have been seeing COVID-19 related spam recently that uses attachments named “COVID-19 report 08 12.doc” and similar. Cofense states that the document date will change to the day of the campaign.
Because Emotet is dangerous malware that can lead to a variety of risks, all home and corporate users must be cautious about opening documents that require them to ‘Enable Content.’
If you receive these types of emails, first scan the attachment with an antivirus scanner to make sure it is safe to open. Even then, you should proceed with caution.
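The two indicators reported above (a three-digit .exe saved directly in %UserProfile% and the dated “COVID-19 report” attachment name) can be turned into a triage check over endpoint and mail telemetry. This is an added example, not code from BleepingComputer, Cofense or Techcess; the event format, the host names and the `C:\Users\<name>` profile location are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: profiles live under <drive>:\Users\<name> (Windows default).
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+$", re.IGNORECASE)
# Three-digit executable name, as in the article's 498.exe.
THREE_DIGIT_EXE = re.compile(r"^\d{3}\.exe$", re.IGNORECASE)
# Assumption: only the two date numbers in "COVID-19 report 08 12.doc" vary.
COVID_DOC = re.compile(r"^covid-19 report \d{2} \d{2}\.doc$", re.IGNORECASE)

def is_payload_path(path):
    """True for NNN.exe sitting directly in a user's profile folder."""
    p = ntpath.normpath(path.strip().strip('"'))
    return bool(PROFILE_ROOT.match(ntpath.dirname(p))
                and THREE_DIGIT_EXE.match(ntpath.basename(p)))

def is_lure_attachment(name):
    """True for the dated COVID-19 report attachment name."""
    return bool(COVID_DOC.match(" ".join(name.split())))

def triage(events):
    """Return {host: sorted indicator kinds}; hosts with both kinds show
    lure delivery followed by a payload drop and deserve first attention."""
    hits = defaultdict(set)
    for ev in events:
        if ev["type"] == "file_create" and is_payload_path(ev["value"]):
            hits[ev["host"]].add("payload_path")
        elif ev["type"] == "mail_attachment" and is_lure_attachment(ev["value"]):
            hits[ev["host"]].add("lure_attachment")
    return {host: sorted(kinds) for host, kinds in hits.items()}

# Constructed sample telemetry (hosts, users and paths are made up).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "mail_attachment", "value": "COVID-19 report 08 12.doc"},
    {"host": "WS-01", "type": "file_create", "value": r"C:\Users\alice\498.exe"},
    {"host": "WS-02", "type": "file_create", "value": r"C:\Users\bob\AppData\Local\Temp\123.exe"},
    {"host": "WS-03", "type": "file_create", "value": "c:/users/carol/Downloads/../042.EXE"},
    {"host": "WS-04", "type": "mail_attachment", "value": "Quarterly report 08 12.doc"},
    {"host": "WS-05", "type": "file_create", "value": r"C:\Users\dave\1234.exe"},
]

if __name__ == "__main__":
    for host, kinds in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, kinds)
```

A match on either pattern is a lead for investigation, not a verdict: legitimate files can share these names, and later campaigns may use different ones.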
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055