Emotet Uses Coronavirus Scare To Infect Japanese Targets (Jan 29, 2020)
The Emotet botnet has been observed distributing malspam campaigns targeting individuals in Japan with information-stealing malware, such as TrickBot. The campaign uses coronavirus-themed content to exploit the fear associated with the outbreak. The email claims that the attachment contains health warnings and measures in place to deal with potential coronavirus infections in Japan, such as hospital locations in certain Japanese cities. The emails contain a malicious Microsoft Word document attachment that asks users to enable its content for viewing. Once macros are enabled, a malicious payload (information-stealing malware) is installed using PowerShell commands.
Recommendation: Education is the defense against global malspam campaigns such as those conducted by the Emotet botnet. Employees and individuals should be aware of the signs of malspam, which can include improper grammar, time-relevant themes, and scare tactics, among others. Policies should be in place regarding spam filter settings and the steps an employee should take if such an email is identified.
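The chain described above (a Word macro that installs its payload through PowerShell) can also be watched for in endpoint telemetry. The following is an added example, not part of the original brief: it flags PowerShell processes that have an Office application among their recent ancestors, including through an intermediate shell, which goes slightly beyond the direct case in the text. The events are constructed, and the field names (`pid`, `ppid`, `image`, `cmd`) are assumptions modelled on process-creation logs.

```python
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events; field names are assumptions.
EVENTS = [
    {"pid": 1000, "ppid": 500, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 2000, "ppid": 1000, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmd": "WINWORD.EXE /n notice.doc"},
    {"pid": 2100, "ppid": 2000, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c powershell <constructed placeholder>"},
    {"pid": 2200, "ppid": 2100, "image": PS, "cmd": "powershell <constructed placeholder>"},
    # PowerShell opened by the user from the desktop shell: must not alert.
    {"pid": 3000, "ppid": 1000, "image": PS, "cmd": "powershell.exe"},
]

def name(event):
    """Lower-cased executable name of a process event."""
    return basename(event["image"]).lower()

def office_ancestor(event, by_pid, max_depth=4):
    """Walk parent links upward; return the first Office ancestor or None."""
    seen = {event["pid"]}
    current = event
    for _ in range(max_depth):
        parent = by_pid.get(current["ppid"])
        if parent is None or parent["pid"] in seen:  # chain ends or loops
            return None
        if name(parent) in OFFICE:
            return parent
        seen.add(parent["pid"])
        current = parent
    return None

def detect(events):
    """Return (pid, office_parent, command line) for each suspicious PowerShell."""
    # Real telemetry should key on a unique process ID such as Sysmon's
    # ProcessGuid, because plain PIDs are reused by the operating system.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) in POWERSHELL:
            ancestor = office_ancestor(e, by_pid)
            if ancestor is not None:
                alerts.append((e["pid"], name(ancestor), e["cmd"]))
    return alerts
```

Calling `detect(EVENTS)` on the constructed events reports only process 2200, whose ancestry runs through `cmd.exe` back to `WINWORD.EXE`.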
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.