OneDrive URLs: Emotet Malware Continues to Infect

For a few weeks now, the Emotet Trojan has been keeping both Windows users and security experts on their toes. There was a short-lived “bug” that prevented Emotet from infecting its victims – but now the Trojan is back with new tricks. Emotet and its backers are back in business. The cyber-gangsters have fixed a bug that prevented users from getting infected when they opened malicious email attachments with the Trojan installer. This was reported by the online magazine Bleeping Computer.

Oddly enough, the error had caused the malware distribution to block itself for a short time. The attacks are carried out via manipulated e-mail attachments, often disguised as Office documents, programs, or .zip files. Now the Trojan has not only corrected the error but also learned more tricks. The botnet appears to have used the short hiatus to test new methods of infecting Windows systems with backdoor malware.

Be careful of OneDrive URLs

This also means that the distribution path has been expanded. One of the new campaigns uses compromised email accounts to send phishing emails with single-word subject lines (for example, “salary,” “labor tax,” or “vacation statement”).

The body of the message then simply contains a OneDrive URL pointing to zip files with a name similar to the subject line of the email. This is intended to make victims curious so that they click on the link faster. What is new is that Emotet uses OneDrive URLs instead of Office attachments. Proofpoint’s security experts are now warning users and especially businesses: “Companies need to be aware of the new technologies and make sure they take appropriate protection measures.”
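A mail-triage heuristic for the pattern described above (terse subject, body that is little more than a OneDrive link), as an added example that is not from the article or from Proofpoint. The host list, the thresholds, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: hosts used for OneDrive sharing links; extend for your environment.
ONEDRIVE_HOSTS = {"1drv.ms", "onedrive.live.com"}
ONEDRIVE_SUFFIX = "-my.sharepoint.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
MAX_SUBJECT_WORDS = 2   # assumption: covers one- and two-word lure subjects
MAX_EXTRA_CHARS = 40    # assumption: text tolerated besides the link

def is_onedrive(url):
    host = (urlparse(url).hostname or "").lower()
    return host in ONEDRIVE_HOSTS or host.endswith(ONEDRIVE_SUFFIX)

def plain_body(msg):
    """Return the first text/plain part, decoded."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def triage(raw_message):
    """Return (flagged, signals) for one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip()
    body = plain_body(msg)
    links = [u for u in URL_RE.findall(body) if is_onedrive(u)]
    extra = URL_RE.sub("", body).strip()   # what remains once URLs are removed
    signals = []
    if links:
        signals.append("onedrive_link")
    if 0 < len(subject.split()) <= MAX_SUBJECT_WORDS:
        signals.append("terse_subject")
    if links and len(extra) <= MAX_EXTRA_CHARS:
        signals.append("link_only_body")
    # Bonus signal: only fires when the link itself exposes a file name.
    words = [w.lower() for w in subject.split() if len(w) > 3]
    if words and any(w in u.lower() for u in links for w in words):
        signals.append("subject_in_link")
    flagged = {"onedrive_link", "terse_subject", "link_only_body"} <= set(signals)
    return flagged, signals

# Constructed samples (not real messages; the URLs are placeholders).
PHISH = "From: a@example.com\nSubject: salary\n\nhttps://1drv.ms/u/EXAMPLE-salary.zip\n"
BENIGN = ("From: b@example.com\nSubject: Notes from the planning meeting\n\n"
          "Hi all, the slides from today are in our shared folder:\n"
          "https://contoso-my.sharepoint.com/personal/EXAMPLE/slides\nThanks!\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, triage(raw))
```

Because the campaign sends from compromised accounts, sender reputation alone will not catch these messages; a flag from this heuristic is a reason to quarantine or sandbox the linked archive, not a verdict.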