Emotet Malware is being packaged in a Fake IRS Email
As the April 15 tax deadline approaches, online criminals are as busy as ever looking to scam individuals and businesses.
Security researchers at Cofense have warned of a number of malicious email campaigns in which criminals pose as the Internal Revenue Service. These emails appear to come from “IRS.gov” and carry attachments that look like forms such as a W-9, which victims are told they need to fill out.
In reality, the email attempts to infect the user’s PC with Emotet malware.
Emotet, which first appeared in 2014, is an advanced malware family that is capable of infecting a user’s device with several different types of malware. Emotet began as a banking Trojan, but has evolved into malware that can update itself several times a day as it attempts to bypass defenses and target as many people as possible.
In the case of these IRS emails, victims are tricked into opening the email attachments and enabling macros in the Office documents, which then download and install more malware on the machine. From there, it can spread through your home or company network.
The goal of Emotet is to spread through an organization and, in the end, demand a large ransom from it.
In an attempt to avoid being detected by anti-virus software, the attachments in these emails are packaged in a password-protected .ZIP file.
Your email scanning solution may not know the password that has been used to compress the attachments, but it is given to the user in the email. This is enough for some users to decompress the zipped file and open it.
Bleeping Computer reports that the .ZIP files contain an Excel spreadsheet called “W-9 form.xlsm” which prompts the user to enable macros once it is opened. Once the instructions are followed by the user, the malicious code is activated.
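A mail gateway does not need the password to triage an archive like this: with standard ZIP encryption the entry names and the per-entry encryption flag are stored unencrypted in the central directory. The following is an added example, not code from the article or from the researchers it cites; the extension list, the quarantine rule and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Macro-capable Office extensions (defender-chosen list, not from the article).
MACRO_EXTS = (".xlsm", ".xlsb", ".xltm", ".docm", ".dotm", ".pptm")

def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP without its password. With standard ZIP encryption the
    central directory (entry names, flag bits) is stored in the clear."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
    encrypted = [e.filename for e in entries if e.flag_bits & 0x1]  # bit 0 = encrypted
    macro = [e.filename for e in entries if e.filename.lower().endswith(MACRO_EXTS)]
    hits = sorted(set(encrypted) & set(macro))
    return {"encrypted": encrypted, "macro_docs": macro, "quarantine": bool(hits)}

def scan_message(msg: EmailMessage) -> list:
    """Return names of ZIP attachments holding an encrypted macro-enabled document."""
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        if triage_zip(payload)["quarantine"]:
            flagged.append(part.get_filename())
    return flagged

def build_sample(entry_name: str, encrypted: bool) -> EmailMessage:
    """Constructed test message. zipfile cannot write encrypted archives, so the
    encryption flag is set by hand in the local and central headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(entry_name, b"placeholder bytes, not a real workbook")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x1                              # local header flag word
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x1   # central directory flag word
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Password for the attached archive: (constructed)")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg

if __name__ == "__main__":
    print(scan_message(build_sample("W-9 form.xlsm", encrypted=True)))
```

Archives that also encrypt the central directory hide their entry names, so a gateway policy should treat those as unscannable rather than clean.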
In the past, the IRS has stated that it will never send out emails about tax refunds or sensitive financial information. It has also published advice on what to do if you receive a suspicious email claiming to be from the IRS.
Story via Tripwire