Cybercriminals have recently been distributing the Emotet malware by posing as Adobe PDF software, as part of a large-scale campaign. To do so, the malware abuses a built-in Windows 10 and 11 feature called App Installer. This was reported by the Emotet tracking group Cryptolaemus on Twitter.
How the cyber attack works
The Emotet attack starts with stolen e-mails that appear to be replies to an earlier conversation. These phishing e-mails ask the recipient to view an attached file, and the link is presented as a PDF.
The link leads to a fake Google Drive page with a “Preview PDF” button. That button, however, carries an ms-appinstaller: URL, so Windows asks whether you want to open the Windows App Installer.
If the recipient agrees, a pop-up asks them to install the ‘Adobe PDF Component’. The pop-up looks genuine: the Adobe PDF icon is clearly visible, publisher information is shown, and it carries a ‘Trusted App’ mark. Many Windows users will trust the application because of this.
Once the ‘Install’ button is clicked, however, a rogue appxbundle is installed. The malware installed this way is also configured to start automatically whenever the computer boots.
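The tell in the chain above is a link whose visible label promises a document while its target hands control to App Installer. The following is an added example, not code from the article or from Cryptolaemus, showing how a mail gateway or analyst script could flag such links: it pulls anchors out of an HTML body (or bare links out of plain text), checks for the ms-appinstaller: scheme, and extracts the source= parameter that names the package to be installed. The App Installer URL format (ms-appinstaller:?source=<package URL>) is the documented one; the sample HTML, the host files.example-lure.invalid and the package name are constructed for this example.

```python
"""Flag ms-appinstaller: links in HTML or plain-text mail bodies (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote

# The App Installer protocol handler is invoked with a URL of the form
#   ms-appinstaller:?source=<https URL of an .appx/.appxbundle/.msix/.appinstaller>
# A document-styled button that resolves to one of these is the lure pattern.
APPINSTALLER_SCHEME = "ms-appinstaller"
PACKAGE_EXTS = (".appx", ".appxbundle", ".msix", ".msixbundle", ".appinstaller")
URL_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]+", re.I)


class LinkExtractor(HTMLParser):
    """Collect (link_text, href) pairs so the label can be compared with the target."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text).strip(), self._href))
            self._href = None


def analyse_link(text, href):
    """Return a finding dict if href invokes App Installer, otherwise None."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != APPINSTALLER_SCHEME:
        return None
    source = unquote(parse_qs(parts.query).get("source", [""])[0])
    src = urlsplit(source)
    return {
        "text": text,
        "source": source,
        "source_host": src.hostname or "",
        # Does the target look like an installable package rather than a document?
        "package_like": source.lower().endswith(PACKAGE_EXTS),
        # A link labelled as a PDF that installs a package is the mismatch the lure relies on.
        "label_mismatch": bool(re.search(r"\bpdf\b", text, re.I)),
    }


def scan_html(html):
    """Findings for every anchor in an HTML body that targets App Installer."""
    parser = LinkExtractor()
    parser.feed(html)
    return [f for f in (analyse_link(t, h) for t, h in parser.links) if f]


def scan_text(body):
    """Findings for bare ms-appinstaller: URLs in a plain-text body (no label available)."""
    return [f for f in (analyse_link("", m.group(0)) for m in URL_RE.finditer(body)) if f]


# Constructed sample resembling the fake "shared document" page described above.
SAMPLE_HTML = """
<html><body>
<p>Shared with you: Invoice_2021.pdf</p>
<a href="https://example.com/file/view">Open online</a>
<a href="ms-appinstaller:?source=https://files.example-lure.invalid/AdobePDF.appxbundle">Preview PDF</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print("App Installer link found:", finding)
```

Because the parser records the anchor text, a single finding carries both signals an analyst wants: that the scheme hands off to App Installer, and that the label ("Preview PDF") does not match the target (an .appxbundle on an unrelated host). Either signal alone is worth a quarantine rule; both together match the campaign described here.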
Emotet then steals the recipient’s e-mail addresses and other data in order to spread further malware, such as TrickBot and Qbot, to others. It also adds the machine to a botnet: a group of computers that criminals use to carry out cyber attacks. The infected computer then sends spam to others unnoticed.
This often leads to ransomware attacks, in which cybercriminals demand payment to rid your computer of the virus or to refrain from publishing your data.
How to protect yourself from Emotet malware
There are several ways to reduce the chance of an Emotet infection. First, it is always wise to run a good antivirus program and/or a firewall; these stop many malicious programs from entering your computer.
However, Emotet often behaves like a computer worm, so this is not always sufficient. Also use strong passwords and two-step verification for your networks; this makes it harder for scammers to gain unauthorized access to your network.
A third, very important tip is to be suspicious of links, since the malware is mainly distributed through phishing. Be critical and look carefully at the sender address of the e-mail. Only open links if you trust them 100%. When in doubt, contact the organization, in this case Adobe: look up the contact details yourself and verify whether the message actually comes from that organization.