I’m sure you’ve heard of Emoticon. It is one of the most important security threats in recent years. It has appeared in different malware campaigns and hackers have been perfecting the attacks. Now it’s back, once again, with some improvements. In fact, it uses a new trick to bypass antivirus and security measures. We are going to explain how it works and what you can do to be protected.
Emotet bypasses security again
In this new emotet campaign, security researchers have discovered that it uses unconventional IP addresses for the first time. In this way they can confuse and fool security measures. Thus they can achieve their goal of infecting the victim without being detected.
What they do is use hexadecimal and octal representations of the IP adress. In this way they manage to initiate the request from the remote servers and it is transformed. This has been detected in malicious Excel 4.0 macros. This may come, for example, through an attachment sent to us by email.
The attacker manipulates repetitive tasks in Excel to deliver the malware and strain viruses. In addition, the URL is hidden so that it goes unnoticed by security measures. Keep in mind that Emotet is malware that has been present in many attacks in recent years and that it can, among other things, steal the victim’s bank details.
Microsoft already plans to disable Excel 4.0 macros by default. This will help maintain security and prevent attacks of this type, although it also affects usability.
Tips to be protected
What can we do to avoid these attacks with Emotet and other similar ones that may appear? The most important thing will be common sense. It is essential to avoid making mistakes, such as opening Excel files that we receive without really knowing the source. This is exactly how hackers can launch these types of campaigns.
It will also be essential to have updated systems, in addition to any application we use. In this way we will correct many vulnerabilities that may appear and be exploited by attackers. They can take advantage of these flaws to launch their attack campaigns and compromise privacy and security.
But another thing that we cannot ignore is the importance of always having a good antivirus. This is what will allow you to detect those Excel files that could be a danger, for example. Even if we make the mistake of downloading them, a good antivirus could give us a warning that this is actually malware. Therefore, we should always have this type of software.
In short, a new malware campaign uses Emotet again and uses a trick to bypass security measures and infect the victim. However, we have seen that we can easily avoid it if we keep common sense and always have updates and security applications. It is important to protect systems from the entry of malware.
