Emotet is one of the most feared malware strains circulating right now. The team behind it has managed to infect a staggering array of targets all around the globe. To say that it is a major threat would be an understatement. Recently the group behind Emotet just upped the ante even further. Researchers have recently discovered that the malware is now being distributed via a new channel.

The new channel is a malicious Windows App Installer that appears to be an innocuous Adobe PDF reader. Windows App Installer is a built-in feature of both Windows 10 and 11 and systems can be infected by “tricking” users to click attachments in emails which trigger the App Installer.

Emotet’s preferred methodology revolves around a “conversation in progress” approach.  An email is crafted that already has several replies. So at a glance it appears that the recipient and whomever sent this email have already been conversing about something. The “most recent” reply says some variation of “please see attached” and contains a PDF file.

When the recipient clicks the file the built in App Installer is triggered and the malware is installed. Note that this completely bypasses most malware and cybersecurity measures because the recipient is making a conscious decision to open the file in question.

The campaign is amazingly well put together.  The attachment and subsequent prompts appear to be legitimate Adobe Acrobat components right down to sporting an official company icon and a certificate marking it as a trusted application. So there’s no reason for a user to think that there’s anything amiss unless they look more closely at the email containing the attachment.

That’s exactly what the hackers are counting on.  They know that people are busy and may only give the body of the email a cursory glance before clicking to see what all the fuss was about.

As ever vigilance and mindfulness are the keys to avoiding these types of shenanigans. Many employers overlook employee training because they assume their employees are aware of how to look for spam in their emails.

SpartanTec, Inc. provides employee training and spam protection. Call us today before your network falls prey to malware. Activate your two free hours of IT support now.

People also ask
Is Emotet a virus?
Emotet is a computer malware program that was originally developed in the form of a banking Trojan. The goal was to access foreign devices and spy on sensitive private data. Emotet has been known to deceive basic antivirus programs and hide from them.

Is Emotet a ransomware?
Emotet is a malware strain and a cybercrime operation believed to be based in Ukraine. The malware, also known as Heodo, was first detected in 2014 and deemed one of the most prevalent threats of the decade. Emotet is known for renting access to infected computers to ransomware operations, such as the Ryuk gang.


SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Used with permission from Article Aggregator