14 February 19, 21:49
Quote: The Emotet trojan has seen a spike in activity in the last month, with a campaign that once again showcases its ability to evolve quickly: It’s now employing a different delivery mechanism than has previously been seen, in what appears to be an effective tactic for evasion.
Emotet, which has become a bit of a chameleon in the malware world thanks to its penchant for constantly adding new functionality, is now being delivered via embedded macros inside XML files disguised as Word documents, according to Menlo Security.
“In the past, we have seen Emotet being delivered through regular macro-infested Word documents, but this technique of disguising an XML document as a Word document seems to be a recent change in the delivery technique,” the company said in a Wednesday blog post. “With such constant changes in tactics from the Emotet threat actors, we foresee that this campaign will continue to evolve and become more sophisticated.”
Krishnan Subramanian, security research engineer at Menlo Labs, told Threatpost that on average, Menlo has seen up to 15 different customers per day being targeted across its customer base, every day since mid-January. The healthcare vertical was the most targeted.
SOURCE: https://threatpost.com/emotet-evasion-ta...ml/141862/
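
A defender-side triage check for the delivery format the quoted article describes (XML content behind a Word file name, carrying a macro), added here as an example and not code from Menlo Security, Threatpost or the poster. The marker strings are the standard Word 2003 XML ones rather than details from the article; `sniff_container`, `triage` and the sample document are constructed for illustration.

```python
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx/.docm container
WORD_EXTS = (".doc", ".docx", ".docm", ".dot")
# Standard Word 2003 XML markers (file-format knowledge, not taken from the article).
WORD_PI = re.compile(rb'<\?mso-application\s+progid="Word\.Document"\s*\?>', re.I)
MACRO_ATTR = re.compile(rb'macrosPresent\s*=\s*"yes"', re.I)
MACRO_BLOB = re.compile(rb'<w:binData\b[^>]*w:name\s*=\s*"editdata\.mso"', re.I)

# Constructed sample: harmless Word 2003 XML skeleton with a placeholder macro blob.
SAMPLE_XML_DOC = (
    b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    b'<?mso-application progid="Word.Document"?>\n'
    b'<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml" '
    b'w:macrosPresent="yes">\n'
    b'<w:docSuppData><w:binData w:name="editdata.mso">QUJD</w:binData></w:docSuppData>\n'
    b'<w:body/></w:wordDocument>\n'
)


def sniff_container(data: bytes) -> str:
    """Identify the real container from leading bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n")  # skip UTF-8 BOM and whitespace
    return "xml" if head.startswith(b"<") else "unknown"


def triage(filename: str, data: bytes) -> dict:
    """Flag XML content that carries macro markers behind a Word file extension."""
    container = sniff_container(data)
    word_named = filename.lower().endswith(WORD_EXTS)
    word_xml = container == "xml" and bool(WORD_PI.search(data[:4096]))
    has_macro = word_xml and bool(MACRO_ATTR.search(data) or MACRO_BLOB.search(data))
    return {
        "container": container,
        "disguised_xml": word_named and word_xml,
        "macro_markers": has_macro,
        "alert": word_named and word_xml and has_macro,
    }


if __name__ == "__main__":
    print(triage("invoice.doc", SAMPLE_XML_DOC))
```

The check keys on content rather than extension, so it still reports `macro_markers` for the same bytes under a `.xml` name; only the `disguised_xml` and `alert` fields depend on the Word file extension.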