The bait is a shipping receipt attached as an .xlsm file. If opened, the file contacts a random link from an internal list and downloads a DLL, which starts the malware infection.
The cyber security expert JAMESWT: New cybercrime campaign to spread Emotet in Italy. The bait email, which exploits previously stolen conversations, has no attachments but contains a link that points to an alleged Office document.
A new cybercrime campaign is spreading Emotet in Italy with emails that carry no attachment. It was discovered by cyber security researcher JAMESWT. It exploits real conversations that were previously stolen, but the messages do not contain an attachment. Instead, there is a link that directs the potential victim to a malicious Office file, from which the malware infection chain begins. The latest attempts, on the other hand, featured a password-protected .zip archive (provided within the message). The cyber criminals did this to evade the inbound mail checks performed by anti-spam and antivirus products, on the principle that these cannot analyze protected content. This latest evolution of the campaign confirms that its actors still consider it valid. Consequently, it will continue in the next few days, albeit in different ways.
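A mail-gateway triage sketch for the two delivery variants described above, added here as an example and not taken from the original article or from JAMESWT's analysis. The function names and routing labels are hypothetical, the sample message is constructed (its ZIP is only marked as encrypted via the header flag), and the link label is a signal for routing the URL to further scanning, not a verdict.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list:
    """Return routing labels (hypothetical names) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    attachments = list(msg.iter_attachments())
    for part in attachments:
        payload = part.get_payload(decode=True) or b""
        # Sniff the ZIP magic instead of trusting the file name or MIME type.
        if payload[:2] == b"PK" and zip_is_encrypted(payload):
            findings.append("encrypted-zip:%s" % part.get_filename())
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    if not attachments and is_reply and URL_RE.search(text):
        findings.append("reply-with-link-no-attachment")
    return findings

def constructed_message(link=None, marked_zip=False) -> bytes:
    """Constructed sample reply; the ZIP is only *marked* encrypted."""
    msg = EmailMessage()
    msg["Subject"] = "Re: order"
    msg["In-Reply-To"] = "<constructed@example.invalid>"
    msg.set_content("See %s" % link if link else "Archive attached.")
    if marked_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("doc.txt", "placeholder")
        data = bytearray(buf.getvalue())
        data[data.index(b"PK\x01\x02") + 8] |= 0x1  # central-directory flag
        msg.add_attachment(bytes(data), maintype="application",
                           subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Messages labelled `encrypted-zip` are the ones a content scanner cannot open, so a gateway would typically quarantine them or hold them for manual review.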
The email that exploits previous stolen real conversations
The malicious Word document
The links from which the malware is downloaded