Unfortunately, after a long absence, Emotet is back, and few malware families have caused the cybersecurity industry as much trouble.
It first appeared in 2014 as a banking Trojan. Emotet soon evolved into a far more dangerous modular loader, able to install other malware on the PCs it had already infected. In 2020 it managed to reach the Quebec Department of Justice, then multiplied attacks on French, Japanese and New Zealand government bodies. After several months of silence, Emotet is back in 2023.
Emotet: Back to play a nasty prank on us
Emotet's delivery technique is quite simple. It sends malicious emails that appear to come from a sender the victim knows and that address the recipient by name, often as a reply inside a genuine email thread stolen from an earlier victim. The aim is to get the victim to open the attached Word document and enable its macros (a series of instructions, here VBA code, that Word runs automatically once allowed).
To slip past security products, Emotet has adopted a trick of its own: the attached Word document is stuffed with useless data (long runs of meaningless bytes) until it weighs more than 500 MB. Many antivirus engines and sandboxes skip files above a certain size, so an oversized document is simply not scanned. The padding compresses extremely well, which is why the document still fits inside a small ZIP attachment that can be emailed.
The technique is known as "binary padding" or "file pumping": a large block of inert bytes (typically zeros) is appended after the document's real content. It is not white text on a white background; the padding sits after the end of the document's data and is never rendered, so the user sees nothing unusual.
Beyond the size alone, which already gets the file past a size-limited scanner, the junk bytes also change the file's hash, so a signature or blocklist entry built from a previously seen sample no longer matches the padded copy.
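The following is an added example, not code from the article or from any vendor, covering the padding trick described in the three paragraphs above. It constructs a fake document, pumps it the way the campaign pumps Word files, and shows what a scanner can still do with the result: measure the trailing padding, hash the document with the padding removed so a blocklist hash still matches, and note the extreme compression ratio that padding produces. The scan-size limit and the 8 MiB demo size are assumptions chosen for the example; the sample document content is constructed.

```python
"""Binary padding ("file pumping") indicators for a mail attachment.

Added example, not code from the article. It constructs a fake document,
pumps it by appending inert bytes, and shows what a scanner can still do:
measure the padding, hash the document with the padding stripped so a
blocklist hash still matches, and report the compression ratio.
"""
import hashlib
import zlib

# Constructed stand-in for a Word document. Real .doc files start with the
# OLE2 magic; the body is deterministic pseudo-random bytes so it does not
# compress well, followed by a fixed trailer so the last byte is known.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
SAMPLE_DOC = (
    OLE2_MAGIC
    + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    + b"[constructed-eof]"
)


def pump(data: bytes, total_size: int, pad_byte: bytes = b"\x00") -> bytes:
    """Inflate data to total_size by appending pad_byte: the attacker's step."""
    if total_size < len(data):
        raise ValueError("total_size is smaller than the data")
    return data + pad_byte * (total_size - len(data))


def trailing_run(data: bytes, min_run: int = 4096):
    """Return (pad_byte, run_length) for the repeated byte at the end of data.

    Runs shorter than min_run are ignored, because legitimate files often
    end with a few alignment bytes.
    """
    if not data:
        return None, 0
    last = bytes([data[-1]])
    run = len(data) - len(data.rstrip(last))
    if run < min_run:
        return None, 0
    return last, run


def strip_padding(data: bytes, min_run: int = 4096) -> bytes:
    """Return data with a trailing padding run removed."""
    _, run = trailing_run(data, min_run)
    return data[: len(data) - run] if run else data


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compression_ratio(data: bytes) -> float:
    """Uncompressed size over deflate-compressed size (what a ZIP achieves)."""
    return len(data) / max(1, len(zlib.compress(data, 6)))


def assess(data: bytes, scan_limit: int = 100 * 2**20,
           ratio_limit: float = 50.0) -> dict:
    """Summarise padding indicators for one file.

    scan_limit models the largest file a hypothetical scanner inspects;
    100 MiB is an assumption, real products differ.
    """
    pad_byte, run = trailing_run(data)
    core = strip_padding(data)
    padded_fraction = run / len(data) if data else 0.0
    ratio = compression_ratio(data)
    return {
        "size": len(data),
        "core_size": len(core),
        "pad_byte": pad_byte,
        "pad_bytes": run,
        "padded_fraction": padded_fraction,
        "compression_ratio": ratio,
        "over_scan_limit": len(data) > scan_limit,
        "sha256_as_is": sha256(data),   # changes with every padding length
        "sha256_core": sha256(core),    # stable: compare this against blocklists
        "suspicious": padded_fraction > 0.5 or ratio > ratio_limit,
    }


if __name__ == "__main__":
    # The campaign pumped documents past 500 MB; 8 MiB keeps the demo quick.
    pumped = pump(SAMPLE_DOC, 8 * 2**20)
    for label, blob in (("clean", SAMPLE_DOC), ("pumped", pumped)):
        report = assess(blob)
        print(label, {k: v for k, v in report.items() if not k.startswith("sha256")})
        print("  core hash:", report["sha256_core"])
```

The useful operational point is the last two hash fields: hashing after `strip_padding` gives the same value for the original sample and for every padded copy of it, so a gateway that normalises attachments this way keeps its hash-based blocklists effective, and a compression ratio in the hundreds is by itself a strong file-pumping signal.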
When the file is opened, Word shows a yellow bar stating that the content cannot be displayed unless you click the Enable Content button. Clicking it overrides Word's default macro setting and runs the macros. One caveat: since 2022, Office blocks VBA macros outright in files that carry the Mark of the Web (anything downloaded or received by email), showing a red security-risk banner with no Enable Content button at all, so the lure only works if the user goes out of their way to unblock the file or the mark is lost along the way.
The macros then use Office to download a ZIP archive from a compromised website. The archive contains a DLL, a library of code and data that other programs can load; the macro extracts it and runs it (typically through regsvr32.exe), and that DLL is the Emotet loader itself.
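As an added example (not the article's code and not a vendor rule), here is the detection a SOC would write for the execution chain just described, run over a few constructed process-creation events. The article says the macro downloads a ZIP and installs a DLL but not how the DLL is run; the example assumes it is launched through a living-off-the-land binary such as regsvr32.exe or rundll32.exe, which is how the Emotet loader has been observed running. The events use Sysmon Event ID 1 field names (Image, ParentImage, CommandLine) and are constructed, not real telemetry.

```python
"""Flag the Office -> macro -> DLL execution chain in process-creation logs.

Added example, not the article's code. Assumption: the DLL dropped by the
macro is launched through a LOLBin such as regsvr32.exe or rundll32.exe.
Events use Sysmon Event ID 1 field names and are constructed.
"""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
LOLBINS = {"regsvr32.exe", "rundll32.exe", "cmd.exe", "powershell.exe",
           "wscript.exe", "cscript.exe", "mshta.exe", "certutil.exe"}
# Directories a standard user can write to: where a macro can drop its payload.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\",
                 "\\programdata\\", "\\users\\public\\")
DLL_PATH = re.compile(r'[a-z]:\\[^"\s]+\.dll', re.IGNORECASE)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\Temp\OrWvQL\sample.dll"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.doc"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\component.dll"'},
]


def basename(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return an alert for an Office app spawning a LOLBin, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_APPS or child not in LOLBINS:
        return None
    reasons = [f"{parent} spawned {child}"]
    severity = "medium"  # Office launching a LOLBin is unusual on its own
    for dll in DLL_PATH.findall(event.get("CommandLine", "")):
        if any(marker in dll.lower() for marker in USER_WRITABLE):
            # A DLL under a user-writable directory is the macro's dropped payload.
            reasons.append(f"DLL loaded from user-writable path: {dll}")
            severity = "high"
    return {"severity": severity, "reasons": reasons, "event": event}


def detect(events):
    """Run classify over a stream of events and keep the alerts."""
    return [alert for alert in map(classify, events) if alert]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"].upper(), "; ".join(alert["reasons"]))
```

On the constructed input only the first and fourth events fire: Word spawning regsvr32.exe with a DLL under AppData is rated high, Excel spawning rundll32.exe with a system DLL is rated medium, and the printer helper (splwow64.exe) and the service-launched regsvr32.exe are ignored. Tune the LOLBin list and the medium tier to your own baseline before deploying anything like this.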
The consequences of this virus
Once a machine is infected, Emotet harvests saved passwords and other sensitive data, including the contents of the victim's mailbox. It then replies to existing email conversations with the same kind of malicious attachment to snare the victim's contacts in turn, and it can download further malware onto the machine. The simplest defence is to never enable macros in a document received by email; better still, enforce that with policy so users are never asked.