New Emotet delivery method spotted during downward detection trend


Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features.


This revamped presentation could point to internal efforts by threat actors to increase Emotet’s hit rate—a possibility supported by Malwarebytes telemetry measured in the last few months.


Emotet spikes amid downward trend


Since August 1, Malwarebytes has detected repeated weekly spikes in Emotet detections, with an August peak of roughly 1,800 detections in just one day. Those frequent spikes mask the malware’s broader activity, though: a slow and steady downward trend, from an average of about 800 detections in early August to an average of about 600 detections by mid-October.



Recent detection activity for Emotet from early August to mid-October

Caught by Malwarebytes on October 19, Emotet’s new delivery method attempts to trick victims into thinking that they’ve received an update to Microsoft Word. The new template, shown below, includes the following text:



“Upgrade your edition of Microsoft Word


Upgrading your edition will add new features to Microsoft Word.


Please, click Enable Editing and then click Enable Content.”



If users follow these dangerous instructions, they will actually enable the malicious macros that are embedded into the “update request” itself, which will then be used as the primary vector to infect the machine with Emotet.
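As an added illustration (not code from Malwarebytes or from the original article), the sketch below shows how a mail or file gateway could triage a document for this lure by combining two signals: an embedded VBA project and the phrases quoted above. It assumes an OOXML (zip-based) Word file whose lure text is stored as body text; the verdict names, the `triage` and `make_sample` helpers, and the sample documents are constructed for the example, and a lure rendered as an image or a legacy `.doc` file would need OCR or an OLE parser instead.

```python
import html
import io
import re
import zipfile

# Phrases from the lure text quoted in the article (case-insensitive).
LURE_PATTERNS = [re.compile(p, re.I) for p in (
    r"upgrade\s+your\s+edition\s+of\s+microsoft\s+word",
    r"click\s+enable\s+editing",
    r"click\s+enable\s+content",
)]

def triage(data: bytes) -> dict:
    """Score an OOXML Word file: macro project present + lure phrases in body text."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .doc (OLE) or non-document input: out of scope for this sketch.
        return {"macro": False, "lure_hits": 0, "verdict": "unsupported"}
    with zf:
        names = zf.namelist()
        macro = any(n.lower().endswith("vbaproject.bin") for n in names)
        body = zf.read("word/document.xml").decode("utf-8", "replace") \
            if "word/document.xml" in names else ""
    # Paragraph ends become spaces, remaining tags are dropped, entities decoded.
    text = html.unescape(re.sub(r"<[^>]+>", "", body.replace("</w:p>", " ")))
    hits = sum(1 for p in LURE_PATTERNS if p.search(text))
    if macro and hits >= 2:
        verdict = "quarantine"   # macro plus instructions to enable it
    elif macro or hits:
        verdict = "review"       # one signal alone is only suspicious
    else:
        verdict = "pass"
    return {"macro": macro, "lure_hits": hits, "verdict": verdict}

def make_sample(paragraphs, with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like zip for testing (not a real sample)."""
    xml = "<w:document><w:body>" + "".join(
        f"<w:p><w:r><w:t>{html.escape(p)}</w:t></w:r></w:p>" for p in paragraphs
    ) + "</w:body></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", xml)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")  # inert bytes
    return buf.getvalue()

LURE = ["Upgrade your edition of Microsoft Word",
        "Upgrading your edition will add new features to Microsoft Word.",
        "Please, click Enable Editing and then click Enable Content."]
```

Requiring both signals for the strongest verdict keeps legitimate macro-enabled documents in a review queue rather than blocking them outright.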



Emotet’s latest delivery mechanism is a fraudulent Microsoft Word update request

Malwarebytes protects users from Emotet and its latest trick, as shown below.



Malwar ..
