Notorious Emotet Malware Starts Using Fake Windows Update Alerts To Deceive Victims

The cybercriminal controllers of one of the world’s most notorious malware strains are taking a new approach to luring potential victims. Their new email campaign is using a bogus Windows Update alert to kickstart the infection process.

The malicious emails don’t mention anything about updating in the subject or the message body. Those follow the cybercriminal playbook and stick to trending topics like COVID-19 and President Trump’s health or time-tested lures like fake shipping notices, invoices and resumes.

It’s only after opening the attached documents that would-be victims are confronted by the deceptive update notification. Bleeping Computer shared the image below in a post that detailed this new approach.

A deceptive update alert used by the Emotet malware

Why use a fake Windows Update alert? The answer lies in the yellow bar at the top of the document.

Microsoft Word and the other Office apps have built-in protections designed to thwart document-based attacks. The Protected View warning is one of those.

The warning is pretty clear: email attachments can contain viruses. This one absolutely does.

At this point, though, the user’s PC hasn’t been infected. Advanced functionality required by Emotet and other malware isn’t activated until “enable editing” has been manually clicked.

Cybercriminals rely on social engineering tricks to persuade users into ignoring Microsoft’s warning and disabling Protected View. That screen above is likely slick enough to convince broad swaths of users.

As is often the case, however, re-reading this purported Windows Update alert with a critical eye exposes the scam.

Emotet’s controllers want you to believe that “these programs need to be upgrade [sic].” Had that text been composed by Microsoft, you can bet the last word would have been “upgraded.”

It’s also important to note that Microsoft won’t notify you about Office updates this way. Instead, you’ll see a yellow bar at the top of the app window. It looks a lot like the Protected View warning, except it begins “updates available.”

The first step in the fight against malware is staying vigilant and learning to spot dangers. Subtle differences like these could be the difference between harmlessly opening a document from someone you trust or becoming the latest victim of the Emotet malware.
