Emotet is one of the most feared malware strains circulating right now. The team behind it has managed to infect a staggering array of targets all around the globe. To say that it is a major threat would be an understatement. However, recently the group behind Emotet just upped the ante even further. Researchers have recently discovered that the malware is now being distributed via a new channel.

The new channel is a malicious Windows App Installer that appears to be an innocuous Adobe PDF reader. Windows App Installer is a built-in feature of Windows 10 and 11, and systems can be infected by "tricking" users into clicking attachments in emails that trigger the App Installer.

Emotes's preferred methodology revolves around a "conversation in progress" approach. An email is crafted that already has several replies. So at a glance, it appears that the recipient and whoever sent this email has already been conversing about something. The "most recent" answer says some variation of "please see attached" and contains a PDF file.

When the recipient clicks the file, the built-in App Installer is triggered, and the malware is installed. Note that this bypasses most malware and AV software because the recipient consciously opens the file.

The campaign is amazingly well put together. The attachment and subsequent prompts appear to be legitimate Adobe Acrobat components right down to sporting an official company icon and a certificate marking it as a trusted application. So there's no reason for a user to think that there's anything amiss unless they look more closely at the email containing the attachment.

That's exactly what the hackers are counting on. They know that people are busy and may only give the body of the email a cursory glance before clicking to see what all the fuss is about.

As ever, vigilance and mindfulness are the keys to avoiding these shenanigans.

Used with permission from Article Aggregator