
Coronavirus campaigns bring Emotet

Coronavirus campaigns strike Japan. A rash of botnet-driven malicious emails is using the coronavirus as a theme. The announcement came from IBM X-Force and Kaspersky. As the disease spreads globally, attackers see it as an opportunity, and malware infections are becoming common.

The emails claim to carry attached notices regarding prevention measures for the disease. But the real coronavirus is just a pretext to distribute a trojan – the well-known Emotet.

The attackers used Japanese in most of the emails, so they are intentionally targeting geographic regions that are more exposed because of their location. The subject of the emails contains the current date and the Japanese word for “notification”, which is meant to make them look more credible.

The emails pose as coming from a disability welfare service provider in Japan. “The text briefly states that there have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document,” according to IBM X-Force. Other versions warn of infection reports within different Japanese prefectures, such as Osaka and Tottori. In the footer of the messages, users can see a legitimate mailing address, phone and fax number for the relevant public health authority for the targeted prefectures. In this way, the attackers lend the messages an air of authenticity.

“Previously, Japanese Emotet emails have been focused on corporate style payment notifications and invoices, following a similar strategy as emails targeting European victims,” announced the company. “This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it.”

The old tricks still work

Apart from the lure used, the coronavirus campaigns represent an ordinary Emotet effort. When opened in protected view, the attached document displays an Office 365 message that asks the user to “enable content”. Just like in most Emotet email-borne attacks, if the attachment is opened with macros enabled, a macro script opens PowerShell and installs the Emotet downloader.

“The extracted macros are using the same obfuscation technique as other Emotet emails observed in the past few weeks,” IBM X-Force analysts observed.
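The chain described above (Office document, macro, PowerShell) shows up in process-creation telemetry as a PowerShell process with an Office application among its ancestors. The following detection sketch is an added example, not code from IBM X-Force, Kaspersky or the article; the event field names, the sample events and the `MAX_DEPTH` limit are assumptions, and it generalizes slightly by also catching PowerShell launched through an intermediate process.

```python
from ntpath import basename  # parses Windows paths on any platform

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
MAX_DEPTH = 5  # assumption: how far up the tree to look for an Office ancestor

# Constructed sample events, shaped like process-creation telemetry
# (process id, parent process id, image path). Not taken from a real incident.
EVENTS = [
    {"pid": 400, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 510, "ppid": 400, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 620, "ppid": 510, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 730, "ppid": 620, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 840, "ppid": 400, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 950, "ppid": 999, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def name(event):
    """Lower-cased executable name of a process event."""
    return basename(event["image"]).lower()


def office_spawned_shells(events, max_depth=MAX_DEPTH):
    """Return (shell_pid, [office app, ..., shell]) for each PowerShell with an Office ancestor."""
    by_pid = {e["pid"]: e for e in events}  # real data: key on a process GUID, PIDs get reused
    hits = []
    for e in events:
        if name(e) not in SHELLS:
            continue
        chain, seen, cur = [name(e)], {e["pid"]}, e
        for _ in range(max_depth):
            cur = by_pid.get(cur["ppid"])
            if cur is None or cur["pid"] in seen:  # parent not logged, or a PID loop
                break
            seen.add(cur["pid"])
            chain.append(name(cur))
            if name(cur) in OFFICE:
                hits.append((e["pid"], chain[::-1]))
                break
    return hits


if __name__ == "__main__":
    for pid, chain in office_spawned_shells(EVENTS):
        print(f"ALERT pid={pid}: " + " -> ".join(chain))
```

PowerShell started from the desktop shell (pid 840) or from an unlogged parent (pid 950) is not flagged; only the process with Word in its ancestry is.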

Attackers exploit fear

Kaspersky has also seen several coronavirus-themed spam campaigns emerging in recent weeks that contain a range of attachments.

Researchers said that the malicious files are usually disguised as .PDF, .MP4 or .DOC files about the coronavirus. “The names of files imply that they contain video instructions on how to protect yourself from the virus.” They also pretend to offer updates on the threat and even virus-detection procedures.

The files contain a range of threats, including trojans and worms. They are “capable of destroying, blocking, modifying or copying data, and interfering with the operation of computers or networks.” So far, analysts have discovered 10 different documents circulating.

But people worry about their health, so Anton Ivanov, Kaspersky malware analyst, believes that we should expect worse. “We may see more and more malware hidden inside fake documents about the coronavirus being spread.”

Also, IBM X-Force warned that Emotet operators would probably expand their targeting beyond Japan soon. “This will probably include other languages too, depending on the impact the coronavirus outbreak has on the native speakers. Unfortunately, it is quite common for threat actors to exploit basic human emotions such as fear – especially if a global event has already caused terror and panic,” analysts mentioned.

Cybercriminals usually try to capitalize on current events. For instance, in December, Emotet was involved in a spam campaign that used Greta Thunberg as a lure.

Laurentiu Titei
