Banking Malware EMOTET Spreads via Spam

 Analysis by: Fjordan Allego

With many financial institutions relying on online transactions and notifications, customers may not find it unusual to receive mail purportedly coming from their banks or from another familiar financial institution. As such, spammers find it easy to lure customers by sending fake email messages with malicious files or links embedded in them.

In our analysis, we have observed spam campaigns that carry a new banking malware called EMOTET. One of the spammed messages we received is written in Portuguese and is therefore likely intended for Brazil-based online banking users. The message advises the recipient to settle his debts by a certain date and contains two links labeled as an invoice and a settlement document, respectively. Both links point to files stored in Google Docs. However, clicking on these links downloads TROJ_EMOTET.L.
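The lure described above combines two observable traits: anchor text that promises a financial document and a target hosted on a file-sharing service rather than the bank's own site. The following added example (not code from the original advisory or from Trend Micro) shows how a mail filter could flag that combination. The keyword list, the host list, the sample message and the `EXAMPLE_FILE_ID` placeholder are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Anchor-text keywords that mimic the invoice/settlement lure in the advisory.
# Constructed list (Portuguese and English), not Trend Micro's pattern data.
LURE_KEYWORDS = ("fatura", "boleto", "invoice", "settlement", "acordo", "quitação")

# File-sharing hosts the advisory reports as hosting the payload. Constructed list.
FILE_HOSTS = ("docs.google.com", "drive.google.com")


class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return parser.links


def is_file_host(host):
    # Match the host itself or any subdomain of it.
    return any(host == h or host.endswith("." + h) for h in FILE_HOSTS)


def is_lure_link(href, text):
    """True when the link text promises a financial document but the
    target lives on a file-sharing host instead of the sender's own domain."""
    host = urlparse(href).netloc.lower()
    text_l = text.lower()
    promises_document = any(k in text_l for k in LURE_KEYWORDS)
    return promises_document and is_file_host(host)


def flag_message(html):
    """Return the suspicious (href, text) pairs found in one mail body."""
    return [(h, t) for h, t in extract_links(html) if is_lure_link(h, t)]


# Constructed sample resembling the advisory's description: two document links
# pointing at a file-sharing host, plus one benign link to the sender's own site.
SAMPLE_MAIL = """
<p>Prezado cliente, regularize seus débitos até 15/07.</p>
<a href="https://docs.google.com/uc?export=download&amp;id=EXAMPLE_FILE_ID">Fatura</a>
<a href="https://drive.google.com/uc?id=EXAMPLE_FILE_ID">Documento de acordo</a>
<a href="https://www.example-bank.example/login">Acessar sua conta</a>
"""

if __name__ == "__main__":
    for href, text in flag_message(SAMPLE_MAIL):
        print(f"SUSPICIOUS: '{text}' -> {href}")
```

The heuristic deliberately does not block file-sharing links outright, since legitimate mail uses them too; it only fires when the anchor text borrows the vocabulary of an invoice or settlement. A production filter would pair this with URL reputation and attachment scanning, as the advisory's own blocking relies on.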

Trend Micro continuously monitors the behavior of the spammers involved in spreading EMOTET. The Smart Protection Network aids in identifying and detecting all related spammed messages and blocks all links associated with them. The public is advised to refrain from clicking any links received from unknown or suspicious mails.

SPAM BLOCKING DATE / TIME: July 10, 2014 GMT-8
TMASE INFO
  • ENGINE: 7.5
  • PATTERN: 0810