
Emotet: the terrible botnet returns pretending to be the Chamber of Notaries of Paris

The Emotet group, which had been inactive for several months, has just resumed service. Indeed, computer security researchers from Proofpoint claim that hackers have returned with a new phishing campaign that exploits the name and image of the Chambre des Notaires de Paris.

[Image: emotet phishing notaries. Credits: Unsplash]

We thought it was dead. But Emotet only took a few months off. The malware once dubbed the “most dangerous malware in the world” is back, despite the dismantling of the Emotet operators' infrastructure in January 2021 by Europol and law enforcement.

This is no surprise, since this malware, which goes undetected by most antiviruses, is not making its first “comeback”. After spreading through nearby Wi-Fi networks in 2020, Emotet returned in June 2022, targeting Chrome to steal users’ banking data.

EMOTET returns with a new phishing campaign

This time, as the computer security researchers at Proofpoint point out, Emotet uses macro-enabled documents that fetch the malware payload from attacker-run C&C servers. To deliver them, the operators have just launched a new phishing campaign which notably exploits the name and image of the Chambre des Notaires de Paris.

Via these fraudulent emails, the Emotet group wants to encourage recipients to download a document inserted as an attachment. Laurent Rousseau, Solutions Architect Manager at Infoblox France, a company specializing in computer security, explains that he observed a significant increase in Emotet infection attempts via spam campaigns.

[Image: emotet phishing notaries. Credits: Proofpoint]

“The modus operandi of the attackers has changed. Formerly the infrastructure was owned by the attackers, which allowed law enforcement to identify and arrest them. Now they rely on legitimate sites, which makes their network and infrastructure much harder to detect and shut down. It is also noteworthy that France is now one of the preferred countries for hosting the Command & Control servers of Emotet botnets”, he declares.

As noted above, Emotet is distributed mainly via Excel files with XML macros. This is one more reason to disable these macros, as Microsoft has recommended since early 2022. “These macros are still a proven threat, as a lot of organizations do not update MS Office applications regularly, and in any case the use of these macros remains configurable by the user”, explains Laurent Rousseau.
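One way an administrator can audit and enforce the macro hardening the article refers to, as an added PowerShell example that is not part of the article or of the vendors it quotes: it reads and writes the Office Group Policy registry values that block macros in documents downloaded from the internet and that set the VBA macro notification level. The Office registry version (16.0), the per-user HKCU scope and the set of applications are assumptions for illustration.

```powershell
# Added example (not from the article, Proofpoint or Infoblox): audit and enforce
# Office macro policy values for Excel, Word and PowerPoint.
# Assumptions: Office 2016 or later (registry version "16.0"), settings applied
# per user under HKCU. In production the same values are usually pushed via
# Group Policy or HKLM rather than by a script run as the user.

$apps       = @('Excel', 'Word', 'PowerPoint')
$policyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Desired values:
#   blockcontentexecutionfrominternet = 1  -> macros in files carrying the
#                                           Mark-of-the-Web are blocked outright
#   VBAWarnings = 4                        -> all VBA macros disabled without
#                                           notification (3 = allow signed only)
$desired = @{
    blockcontentexecutionfrominternet = 1
    VBAWarnings                       = 4
}

function Get-MacroPolicyState {
    # Report each application's current value next to the desired one.
    foreach ($app in $apps) {
        $key = Join-Path $policyRoot "$app\Security"
        foreach ($name in $desired.Keys) {
            $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                App       = $app
                Setting   = $name
                Current   = if ($null -eq $current) { 'not set (Office defaults apply)' } else { $current }
                Desired   = $desired[$name]
                Compliant = ($current -eq $desired[$name])
            }
        }
    }
}

function Set-MacroPolicy {
    # Create the policy keys if absent and write the desired DWORD values.
    foreach ($app in $apps) {
        $key = Join-Path $policyRoot "$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $desired.Keys) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $desired[$name] -Force | Out-Null
        }
    }
}

# Audit first; uncomment Set-MacroPolicy once users relying on signed macros are known.
Get-MacroPolicyState | Format-Table -AutoSize
# Set-MacroPolicy
```

Excel also has a separate Trust Center policy for legacy Excel 4.0 (XLM) macros, which this script does not touch and which should be reviewed alongside the VBA settings.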
