An analysis of the workings of this new Emotet campaign, which has affected various countries in Latin America by taking advantage of Microsoft Office files to hide its malicious activity.
In November, we issued warnings about a huge new spam campaign which was being used to propagate Emotet. Considering the scale of the attack in some Latin American countries and the fact that we received numerous inquiries about it over the last few days, we decided to publish a brief explanation of how this propagation campaign worked.
In recent years we have seen how cybercriminals have taken advantage of the Microsoft Office suite to propagate their threats, from simple macros embedded in files to the exploitation of vulnerabilities. On this occasion, though, the implementation is a little unusual, consisting of a downloader incorporated into an Office file. This caused confusion among many users, who asked us to explain how the threat works.
The propagation began with an email message, which had nothing particularly special about it. As seen in Figure 1, it was pretty much the kind of email we are used to seeing in these campaigns.