Emotet malware comes as a supposed Word update

[German]A brief warning: The criminals behind the emotet malware are now distributing this malware via a mail attachment that appears as a supposed Word update. Microsoft warns about that.


Emotet is a family of malware that is spread via e-mail and is usually contained in Word documents with malicious macros. When these documents are opened, their content attempts to trick the user into activating macros, so that the Emotet malware is downloaded and installed on the computer. The malware can deliver a variety of malicious functions, most often infecting ransomware to encrypt the data along with a ransom demand. The sender of these mails is often known contacts of the recipient, as Emotet uses the contact lists on infected systems to send the mail.

Emotet  disguised as a Word update

The cyber criminals of the Emotet group have been changing their strategy for spreading malware for a week now and are distributing a new message with an attachment claiming to be from Microsoft. The message states that Microsoft Word must be updated to add a new feature.

Emotet-Malware als Word-Update getarnt

This is pointed out by the above tweet from Bleeping Computer, among others. The backers use a lottopics in their mail, to lure victims, as explained in this article. This ranges from supposed information about COVID-19 to alleged orders, alleged invoices and applications. And lately just alleged Word updates. On Twitter, Microsoft has posted examples of such mails in this tweet (here on Halloween), but also the following screenshot.  

Emotet als Word-Update


The attachment is a Word document that contains a malicious macro. In the mail the user is asked to upgrade Microsoft Word and links request to release document editing (Enable Editiing is supposed to enable macro editing) and upgrade (Enable Content loads the macro). When the macro is activated and executed, it connects to a malicious domain to download the emotet payload. I have warned about emotet on this blog many times, as this malware is one of the most successful blackmail Trojans currently active.

SImilar articles:
EmoCrash protectet systems for 6 months against emotet-infections
Cryptolaemus and the fight against Emotet
Warning about a new Emotet-Ransomeware campaign (Sept. 2020)
Microsoft warns of massive Emotet campaign
Emotet Trojan can overload computers on the network
Emotet C&C servers deliver new malware
FAQ: Responding to an Emotet infection

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *