Adangerous malware program called Emotet is once again in circulation and it can steal your banking and personal information which can be later used for illegal purposes. According to a report published by cybersecurity specialists at Netskope, fraudsters are using Microsoft Excel files to send malware into the victims device. The cybersecurity firm has revealed that it came across scores of Microsoft Office files that can be used to spread Emotet malware. The report further mentions that criminals are specifically targeting users who are using old versions of Microsoft Excel. Researchers believe that the scam is likely a work of a single threat actor and it uses phishing to reach out to victims.
How this phishing scam works and how it can reach you
The fraudsters use Excel 4.0 (XLM) macros to spread the Emotet malware on the targeted system. Although Microsoft released a protection in early 2022 to prevent the execution of Excel 4.0 (XLM) macros, this attack is still feasible against users who are using outdated versions of Office. It is also feasible against users who have changed the default setting to explicitly enable macros. The fact that attackers are still using Excel 4.0 Macros indicates that outdated Office versions and users who have this protection disabled are still common.
Cybercriminals distribute Microsoft Excel files with Emotet via emails. The victims often receive the malicious files via an enticing email that can prompt them to download the file and open it. Few of these files are even password protected to evade antivirus security.
How to stay safe from the Emotet spam
To stay safe from malwares such as Emotet you should not access files that you receive from unrecognised or suspicious sources. You should also keep your software updated to the latest available versions and use security steps such as firewall and 2-step verification.