Spammers are taking advantage of the ongoing global health crisis of the Coronavirus (2019-nCOV) by sending out an email carrying Emotet payloads. This email is pretended to be sent on behalf of the local Welfare service provider. The e-mail claims that the attachment carries information about the new preventive measures for coronavirus-related pneumonia. Emotet is a known Trojan that primarily spreads spam emails. This is how the Coronavirus malware is infecting the computers.
Coronavirus malware delivers the Emotet payload
The primary reason the computer coronavirus malware is spreading fast is because of the sensitivity of the condition. Everyone would like to know if there are any extra preventive measures. It has been claimed that as of now, the target users are mainly from Japan, including Gifu, Osaka, and Tottori. The email is being sent to places where there is no infection to create panic.
Here is the sample email which lures users into the trap
How Coronavirus malware delivers the payload
The attachment is a Microsoft Office Word document that contains scripts that can infect the computer. This type of virus is also called Macro Virus. When the recipient downloads the file and opens it, it will receive a notification where it asks to “Enable Content” to properly view the full document. Microsoft Office blocks any document which has been downloaded from the internet to make sure no scripts are executed unless the receiver gives permission. That’s why you should not enable it if you have received a document from a person you do not know. Also, make sure that you have enabled Tamper Protection in Microsoft Security to prevent these types of mishaps.
If the user clicks on the Enable Content button, macros will be enabled, and Emotet payload will be installed on the computer. It uses the PowerShell command to deliver it. Post this, the infected computer will be used to send spam messages to other targets containing Trojans and malware. The Emotet payload has a second module that can steal user credentials, sensitive documents, browser history, and more.
EmoCheck Tool that checks for Emotet malware infection has been released.
Related read: How to Remove the Macro Virus.