Emotet spreads primarily as an email scam using a method called thread hijacking, where it replies to stolen email conversations and includes malware attachments.
Emotet aims to extort money from its victims, steal credentials, or sell access to other cybercriminals. In the UK, you are 40% more likely to become a victim of an Emotet attack compared to the rest of the world.
What is Emotet?

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive via a malicious script, macro-enabled document files, or a malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.
Emotet may try to persuade users to click the malicious files by using tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies.
Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers.
How does it work?
1. Emotet predominantly spreads via email scams containing malware.
2. It uses infected attachments, usually Word or Excel documents, in these emails.
3. Once opened, these infected attachments install Emotet malware onto your device.
4. Emotet then infiltrates your email conversations with messages containing malware.
5. It sends itself to your friends and family. This is called thread hijacking.
How can you protect yourself from the rising threat of Emotet in the UK?
Always install security updates for your operating system as soon as they are available, as well as on any other applications you have on your devices.
These security patches are designed to keep you safe and having the most up-to-date versions is important.
Use your antivirus software. Most antivirus software works hard to protect you against malware and phishing email scams, but it’s important to make sure it’s switched on and able to scan your device regularly.
Never click on suspicious links or attachments in emails. Even if the sender seems legitimate, remember that they could be a victim of Emotet thread hijacking.
You can always reach out to the sender on a separate platform to ask what the link or attachment is.
Never press the ‘Enable Content’ button in Microsoft Word or Excel if you have accidentally opened a suspicious or unknown attachment. This can initiate instructions that launch Emotet.
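For anyone who runs a mail filter rather than just an inbox, the advice above can be checked automatically before an attachment is ever opened. The following is an added example, not part of the original article: it flags Word or Excel attachments that carry macros and notes when the message is a reply in an existing thread. The function names, the sample message and its addresses are constructed for illustration, and the macro check is a simple heuristic.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header
VBA_DIR = "_VBA_PROJECT".encode("utf-16-le")   # macro stream name in legacy files

def has_macros(data: bytes) -> bool:
    """Heuristic: does this Word/Excel file carry VBA macros?"""
    if data.startswith(OLE_MAGIC):
        return VBA_DIR in data
    if data.startswith(b"PK"):  # modern .docx/.docm/.xlsx/.xlsm are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> list[str]:
    """Flag macro-carrying attachments, noting when the mail is a thread reply."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    is_reply = bool(msg["In-Reply-To"]) or subject.lower().startswith("re:")
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if has_macros(data):
            where = " on a reply to an existing thread" if is_reply else ""
            findings.append(f"{part.get_filename()}: macro-enabled attachment{where}")
    return findings

def sample_mail(with_macro: bool) -> bytes:
    """Constructed test message; the 'macro' is placeholder bytes, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "colleague@example.com", "you@example.com"
    msg["Subject"], msg["In-Reply-To"] = "Re: Your Invoice", "<1234@example.com>"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="invoice.docm" if with_macro else "invoice.docx")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_mail(True)), triage(sample_mail(False)))
```

A flagged attachment is a reason to quarantine the message and confirm with the sender on a separate platform, not proof of Emotet.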
Emotet’s growing reach and its ability to keep spreading make it a very alarming threat.
It’s important to be aware of these rising threats and know what steps you can take to avoid them.