Threat actors behind the Emotet malware used the novel coronavirus (2019-nCoV) scare as a hook for their spam email campaign against targets in Japan.
2019-nCoV, which is believed to have originated in Wuhan, China, in the past month, has caused hundreds of deaths and thousands of confirmed cases in China alone. The virus has already spread to neighboring countries and confirmed cases have been reported in farther places such as Germany, Canada, and the U.S., causing the World Health Organization to declare a global health emergency
. The official advisory of the Japanese Ministry of Health, Labour and Welfare on the outbreak can be found here
IBM X-Force reported
that the coronavirus spam emails were disguised as official notifications sent by a disability welfare provider and public health centers. The email content warns recipients about the rapid spread of the virus, and instructs them to download an attached notice that allegedly contains preventive measures.
As in several previous campaigns, the coronavirus spam emails had Word document attachments. The text in the document contained instructions to click on the Enable Content button to be able to view the document. Clicking on the button installs the Emotet payload using a PowerShell command.
The spam emails include a footer with legitimate details such as mailing address and contact numbers in an attempt to appear legitimate.
The campaign follows in the footsteps of previous Emotet spam email campaigns, which took advantage of well-known personalities
and occasions such as Christmas
to blast the emails.
Devices infected with Emotet malware can deploy ransomware. The malware can also drop other types of malware that steal user credentials, browser history, and sensitive documents. The harvested data can then be used to send spam to other email accounts
Defense against Emotet
The Emotet malware persists as a threat as cybercriminals continue to increase not just the level of harm it brings, but also the sophistication of the social engineering
techniques used to propagate it via email. Below are the recommendations for protecting the enterprise’s systems against Emotet:
- Carefully inspect emails, especially those that include links or attachments. If they appear to come from a reputable institution, verify the contact information by checking details listed on its official website.
- Provide security awareness training to employees to teach them how to avoid email threats.
- Deploy the latest patches and updates for operating systems and applications.
- Ensure that antispam filters are properly configured.
- Adhere to the principle of least privilege.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.