Brazil is already the fifth country most affected by a new contamination campaign by Emotet. Known and widely popular malware, which creates gateways into computers for data theft and new attacks, is now spread from manipulated Microsoft Office documents sent via email and disguised as legitimate files targeted at companies and organizations.
According to an alert issued by cybersecurity company Kaspersky, this is the first time that criminals sending Emotet have used a technique known as file pumping. The method consists of inserting malicious bytes into legitimate files, in this case, those of Microsoft’s suite of applications, as a way to escape detection by security software.
The new tactic began circulating on March 7th and appears to be massively distributed, with Brazil accounting for around 5.2% of incidents recorded so far. In first place is Italy, with 11.8% of the attacks, followed by Mexico (10%), Japan (9.9%) and Vietnam (7.8%), with other countries in Asia and Europe also being part of the contamination ranking.
Kaspersky also points to Emotet as an integral part of campaigns related to selling access to compromised systems. Once installed, the pest opens backdoors that can be used for remote access, data theft, ransomware deployment and other types of attacks; this vector is marketed in cybercriminal forums for those interested in carrying out scams against groups of users, companies or organizations.
Despite the unprecedented mechanism of contamination, care remains the same. Users should be wary of attachments received via email, even if they come from known sources or sound legitimate. Data like this should only be downloaded and opened when you are sure of its origin, without authorization to run macros, scripts and other activities on the device.
In addition, it is important to keep applications and the operating system always up to date, as corrections can close common gateways. Also make sure you have security software installed and running on your PC and cell phone, as they are also capable of detecting and curbing malware contamination and alerting you to accessing dangerous sites.
