The Emotet botnet, the largest source of malspam, is known to regularly change its email delivery route, file attachment content, and file attachment style to avoid detection. Misleading users is an important part of its tactics, alongside the malware, the botnet’s back-end infrastructure, and the email template. Most Emotet tactics involve booby-trapped attachments, such as Office documents that mislead users into selecting the “Enable Editing” option.
In the latest tactic, launched after a short hiatus, attachments sent via Emotet campaigns present users with fake Windows Update notifications. The fake update asks the user to click the “Enable Editing” button. This tactic has already been used to spam a large number of users.