EMOTET Uses Corona Virus Outbreak in New Spam Campaign

 Analysis by: Maria Katrina Udquin

EMOTET tries to amplify the scare by using the nCov 2019 virus outbreak in its latest spam campaign. The messages, written in Japanese and containing the EMOTET payload, are disguised as a notice about preventive measures against the spreading virus in order to lure victims into opening the malicious document attachment. The sender addresses of these spam messages are mostly compromised legitimate accounts. To appear more legitimate, the spam mails use a formal layout with the street address and contact numbers of the organization that supposedly sent the notice.

The malicious documents attached to these emails contain macros that, when executed, download a copy of EMOTET and install it on the victim's computer. These documents are now detected by Trend Micro as Trojan.W97M.EMOTET.TIOIBEJI.

As always, we strongly advise you to never open email attachments from unknown or unwanted senders.

 SPAM BLOCKING DATE / TIME: January 31, 2020 GMT-8
 TMASE INFO
  • ENGINE:8.1
  • PATTERN:25202