
Dangerous malware has a new trick: Stealing your email attachments

It seems as if most of us are faced with a never-ending deluge of spam these days. Whether it comes in the form of emails or robocalls, there’s no escaping that the hucksters of the web are using this period of global lockdown to bombard people stuck in their homes with junk advertising and scams.

It’s happening in all corners of the internet, and it’s having dangerous impacts on people’s financial well-being. Some of these scams are even installing malware on people’s computers as soon as they click an email link.

But if you’re wondering why this sudden spike in spam is occurring, we have the answer: One of the world’s worst botnets has reawakened after a five-month hiatus. Not only is this chain of infected computers shooting spam messages in every direction, but it’s also copying text and attachments from your contacts to look more convincing. Here’s what you need to know.

The curse of Emotet

Are you familiar with Emotet? Even if you don’t think you are, you’ve probably received hundreds of emails from this prolific spambot that sends more than 250,000 messages per day filled with spam, viruses and ransomware to accounts all over the world.

How did this thing get so big and powerful? Well, that’s the nature of botnets in general. Botnets grow stronger by infecting victims with compromising malware that turns computers into “zombie machines” that serve the needs of the botnet. If your computer gets infected, for example, it can be forced to send spam to your friends and contacts.

And this is one of Emotet’s biggest calling cards. It’s so effective at ensnaring victims because it will use familiar contacts to spread spam and malware. It’s even capable of generating convincing subject lines and message text based on past emails that victims may have sent.

That’s not the only trick Emotet is capable of now, though. According to BleepingComputer, Emotet has been updated with new code that extracts and repurposes email attachments from your contacts to make its spam more convincing. The usual advice of only opening attachments you expect from contacts you trust won’t even apply here!

But as bad as the Emotet botnet has been, it’s been dormant for the last five months. This isn’t particularly abnormal for Emotet, which tends to take extended breaks every so often for unknown reasons. But after this long break, security researchers at Proofpoint discovered evidence that Emotet has reactivated itself, and it’s bringing the big guns out.

Emails detected in recent days include the usual suspects of spam messages and phishing links. But in addition to those, known malware like the Ryuk ransomware and Trickbot are also being included as part of malicious email attachments.

At this point in time, the best thing you can do is stay vigilant and do whatever you can to avoid the touch of this malware machine. Otherwise, your computer may end up becoming part of a much bigger problem.

How can I protect myself from the botnet?

Just like with any email-based malware campaign, awareness is key. To stay one step ahead of the web’s worst spammers and scammers, you need to treat your email with the same kind of caution you would with unfamiliar corners of the internet.

This means avoiding opening emails from unknown senders, verifying with contacts that they actually sent you a message or attachment, and never clicking on external links from emails unless they take you somewhere familiar. But even then, we’d still recommend contacting the original sender for clarification before going further.

And because Emotet can cut and paste both text and attachments from emails your real-life contacts send, you’ll need to be highly specific when confirming they actually sent the message in question to you. If you get an email from a friend with an attachment, call them up and ask them if they sent the message to you at the exact time it arrived in your inbox.

Here are other important steps to keep yourself from being touched by this nasty botnet:

  • Always use strong passwords that don’t involve personal information or common phrases. Don’t reuse them between different accounts, either.
  • Ignore or avoid emails from unknown senders, and check the URLs and sender email addresses very closely — even if the message appears to be from someone you know.
  • To stay on the safe side, just navigate to trusted websites manually in a new tab or window, without clicking any links.

Speaking of passwords, enabling two-factor authentication is a must for your security. Even strong passwords can be cracked by hackers, but it’s unlikely they’ll have any way to physically get their hands on your smartphone.

But if you’re worried you might have been infected by the botnet yourself, we’d say you’re on the safe side unless your computer has been performing strangely or if you’ve been the victim of a recent ransomware attack. If either of these applies to you, a virus scan is your best option on the road to recovery.
