Scammers are using fake coronavirus messages to spread the Emotet Trojan

In scam campaigns, spam emails carry malicious attachments that impersonate important documents and are offered for download as legitimate files. Typically, the email subjects are notices from government institutions, companies, shipping and so on. This time, scammers are exploiting a viral topic, the strain of coronavirus, for this malicious purpose.

The scammers send an email with an attached document presented as instructions on how to protect against the coronavirus. When users follow the prompt and open the attachment, they end up installing potentially dangerous malware. As IBM X-Force and Kaspersky say:

“A new spam, botnet-driven campaign is spreading malicious files masqueraded as documents with video instructions on how to protect against the coronavirus. Instead of learning anything useful, the potential victim would get a computer infection ranging from Trojans to worms”

The email message is written in Japanese, indicating that the scam campaign targets specific geographical locations. A Japanese word for "notification" is used as the subject/title of the email and creates a sense of urgency, one of the oldest tricks in scam campaign tactics.

The attached document is presented as a PDF, MP4, or DOC file and prompts users to enable the content. When users open the attachment and allow macros to run, a malicious VBA macro script runs a PowerShell command that installs the Emotet virus in the background.
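A defender's view of the chain described above, as an added example that is not from the original article or from IBM X-Force or Kaspersky: it flags PowerShell processes that descend from an Office application in process-creation telemetry. The events are constructed, the field names are assumed to follow Sysmon Event ID 1, and the check goes slightly beyond the text by walking the ancestry so that an intermediate `cmd.exe` does not hide the Office parent.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Hidden-window or encoded-command switches on the PowerShell command line.
STEALTH = re.compile(r"\s-(?:e|ec|enc\w*)\s|\s-w\w*\s+hidden", re.I)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
OFFICE_DIR = "C:\\Program Files\\Microsoft Office\\Office16\\"

def ev(pid, ppid, image, cmdline):
    return {"ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "CommandLine": cmdline}

# Constructed sample events; payload text is a placeholder, not real data.
SAMPLE_EVENTS = [
    ev(100, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ev(200, 100, OFFICE_DIR + "WINWORD.EXE", "WINWORD.EXE /n notice.doc"),
    ev(300, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c <constructed>"),
    ev(400, 300, PS, "powershell.exe -WindowStyle Hidden -enc <placeholder>"),
    ev(500, 100, PS, r"powershell.exe -File C:\Scripts\backup.ps1"),
    ev(600, 100, OFFICE_DIR + "EXCEL.EXE", "EXCEL.EXE report.xls"),
    ev(700, 600, PS, "powershell.exe Get-Date"),
]

def exe_name(image):
    return ntpath.basename(image).lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links and return the first Office ancestor, or None."""
    seen, pid = set(), event["ParentProcessId"]
    while pid in by_pid and pid not in seen and len(seen) < max_depth:
        seen.add(pid)
        parent = by_pid[pid]
        if exe_name(parent["Image"]) in OFFICE:
            return parent
        pid = parent["ParentProcessId"]
    return None

def find_office_powershell(events):
    """Return one alert per PowerShell process with an Office ancestor."""
    # PIDs are reused on a live host; real pipelines should key on ProcessGuid.
    by_pid = {e["ProcessId"]: e for e in events}
    alerts = []
    for e in events:
        anc = office_ancestor(e, by_pid) if exe_name(e["Image"]) in POWERSHELL else None
        if anc:
            alerts.append({"pid": e["ProcessId"], "office": exe_name(anc["Image"]),
                           "stealth": bool(STEALTH.search(e["CommandLine"]))})
    return alerts
```

Any Office-to-PowerShell lineage is worth an alert on its own; the `stealth` flag only raises priority when hidden-window or encoded-command switches are present.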

IBM X-Force says, “Previously, Japanese Emotet emails have been focused on corporate style payment notifications and invoices, following a similar strategy as emails targeting European victims. This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it”