The Emotet malware has returned after a period of inactivity and is now being distributed through Microsoft OneNote email attachments, according to security researchers. Emotet is linked to the threat actor tracked as Gold Crestwood, Mummy Spider or TA542, and has evolved into a “monetized platform for other threat actors to run malicious campaigns on a pay-per-install (PPI) model, allowing theft of sensitive data and ransom extortion.” Although Emotet infections have previously been used to deliver other types of malware, its own return in late 2021 was facilitated by TrickBot. In the OneNote-based campaign, a Windows Script File (WSF) is engineered to retrieve and execute the Emotet binary payload from a remote server. Alongside this, Emotet continues to use booby-trapped documents containing macros to deliver the malicious payload. The latest development shows the operators’ flexibility and agility in switching attachment types for initial delivery to evade detection signatures. There has also been a broader rise in threat actors using OneNote documents to distribute a range of malware, with the US, South Korea, Germany, Saudi Arabia, Poland, India, the UK, Italy, Japan, and Croatia being the most targeted countries.
Source: The Hacker News
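Added example (not from the original report or its source): a defender-side Python triage for OneNote attachments like those described above, which walks the file's embedded-file objects and labels them by content so a WSF loader is flagged whatever name or icon the lure gives it. The FileDataStoreObject layout (header GUID, 8-byte length, 12 bytes of padding, file data, footer GUID) is taken from Microsoft's MS-ONESTORE specification as I recall it; the indicator patterns and the sample blob are constructed for this example, not signatures from the article.

```python
import re
import struct
from dataclasses import dataclass

# FileDataStoreObject markers from MS-ONESTORE (layout assumed from the spec), in on-disk
# little-endian byte order: {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and {71FBA722-0F79-4A0B-BB13-899256426B24}.
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
FDSO_PREAMBLE = 16 + 8 + 4 + 8  # guidHeader, cbLength (uint64), unused, reserved

# Content heuristics constructed for this example (not vendor signatures); file extension is ignored.
INDICATORS = [
    ("wsf-script", re.compile(rb"<job\b.*?<script\b", re.I | re.S)),
    ("vbs/js-script", re.compile(rb"WScript\.Shell|CreateObject\(|ActiveXObject\(", re.I)),
    ("pe-executable", re.compile(rb"\AMZ")),
]

@dataclass
class EmbeddedFile:
    offset: int
    data: bytes
    kind: str

def classify(data: bytes) -> str:
    return next((kind for kind, rx in INDICATORS if rx.search(data)), "other")

def extract_embedded_files(blob: bytes) -> "list[EmbeddedFile]":
    """Walk every FileDataStoreObject in a .one blob and return its payload and content label."""
    found, pos = [], 0
    while (hdr := blob.find(FDSO_HEADER, pos)) >= 0 and hdr + FDSO_PREAMBLE <= len(blob):
        (size,) = struct.unpack_from("<Q", blob, hdr + 16)
        start, end = hdr + FDSO_PREAMBLE, hdr + FDSO_PREAMBLE + size
        if blob[end:end + 16] == FDSO_FOOTER:  # footer check rejects truncated or forged lengths
            found.append(EmbeddedFile(hdr, blob[start:end], classify(blob[start:end])))
            pos = end + 16
        else:
            pos = hdr + 16  # resume scanning just past this header
    return found

def suspicious_kinds(blob: bytes) -> "list[str]":
    """Labels worth blocking at the gateway or detonating; a clean notebook returns []."""
    return [f.kind for f in extract_embedded_files(blob) if f.kind != "other"]

def build_fdso(payload: bytes) -> bytes:
    """Serialise one FileDataStoreObject so the constructed sample is self-contained."""
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\0" * 12 + payload + FDSO_FOOTER

# Constructed sample (not a real capture): a lure image followed by a benign stand-in WSF.
SAMPLE_WSF = b'<job id="loader"><script language="JScript">var x = 1;</script></job>'
SAMPLE_ONE = b"\0" * 64 + build_fdso(b"\x89PNG\r\n\x1a\nclick-to-view lure") + b"\0" * 32 + build_fdso(SAMPLE_WSF)
```

Run `suspicious_kinds` over each inbound .one attachment and alert on any non-empty result; because it labels by content rather than by the embedded object's declared name, switching the lure's attachment type does not change the verdict.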
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.