securityaffairs.co
2001:8d8:100f:f000::289
Public Scan
URL:
https://securityaffairs.co/wordpress/107179/cyber-crime/emotet-covid19-spam-campaign.html?utm_source=rss&utm_medium=rss&utm...
Submission: On April 12 via api from US
Form analysis
1 forms found in the DOM
Name: searchform — GET https://securityaffairs.co/wordpress/
<form role="search" method="get" name="searchform" id="searchform" action="https://securityaffairs.co/wordpress/">
<div>
<input type="text" value="" name="s" id="s" autocomplete="off" title="Search..." class="blur">
<button type="submit">
<i class="fa fa-search"></i>
</button>
</div>
<div id="autocomplete"></div>
</form>
Text Content
EMOTET MALWARE EMPLOYED IN FRESH COVID19-THEMED SPAM CAMPAIGN

August 15, 2020 By Pierluigi Paganini

THE EMOTET MALWARE HAS BEGUN TO SPAM COVID19-THEMED EMAILS TO U.S. BUSINESSES AFTER NOT BEING ACTIVE FOR MOST OF THE USA PANDEMIC.

The infamous Emotet malware is back: its operators have begun to spam COVID-19 themed emails to U.S. businesses.

Early this year, the Emotet malware was employed in COVID19-themed spam campaigns that targeted those countries that were already affected by the pandemic.

Since the beginning of the COVID19 pandemic in the US in March, the Emotet malware had never been employed in Coronavirus-themed spam campaigns against U.S. businesses. Now the operators behind the threat have started sending out COVID19-themed spam messages to users in the USA.

A security researcher who goes online with the Twitter handle Fate112 detected an email that pretends to be from the ‘California Fire Mechanics’ and uses the subject ‘May COVID-19 update’.
The experts noticed that the template was not created by the Emotet operators; rather, the email was stolen from an existing victim and reused in the spam campaigns.

The spam messages used a malicious attachment titled ‘EG-8777 Medical report COVID-19.doc’, which uses a generic document template that pretends to have been created on an iOS device and asks the recipients to click on ‘Enable Content’ to view it properly.

When the recipient clicks the ‘Enable Content’ button, a PowerShell command is executed that downloads the Emotet malware from a site under the control of the attackers.

According to BleepingComputer, in the recent campaign Emotet is saved to the %UserProfile% folder and named as a three-digit number (e.g. 498.exe).

Once a system is infected, it will be used to send out further spam emails and to download additional payloads, like TrickBot or Qbot.

Let me suggest that you remain vigilant and double-check the attachments of any COVID19-themed message you receive.

Pierluigi Paganini

(SecurityAffairs – hacking, COVID19)