Emotet Rises Again: Evades Macro Security via OneNote Attachments

From thehackernews.com

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems.

Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down.

A derivative of the Cridex banking worm – which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 – Emotet has evolved into a “monetized platform for other threat actors to run malicious campaigns on a pay-per-install (PPI) model, allowing theft of sensitive data and ransom extortion.”
