© Reza Fahmi Kalkasandi

Windows alert: Fake Office updates trick you into downloading malware

It’s rare for malware threats to stay the same. In fact, the more time that passes without addressing a threat, the more dangerous it becomes. That’s why early detection, patches and education are critical to protecting people from cyberattacks.

Previously, we’ve reported on the massive Emotet botnet — a malware campaign that turns victims’ computers into “zombies” that help spread itself. It’s capable of sending more than 250,000 malicious emails per day, and over the past few months, it’s only gotten more active.

Emotet has been running wild across the web since it reawakened back in May. And in that time, it’s picked up some dangerous new tricks that make it even harder to spot. Emotet can now impersonate Microsoft’s Windows Update service, and the fake alerts it generates are fooling people into infecting themselves.

Emotet ups the ante

If you thought Emotet was bad before, wait until you see what it’s learned in the last several weeks. Researchers at Cryptolaemus have discovered the botnet is using new templates as part of its spam campaign that look just like system alerts from Windows Update.

Emotet spreads through malicious Word documents attached to spam emails. If you try to open the document, you’ll get an alert that says the document must be “converted” or “updated” to display properly. There are a few variations: Some Emotet documents will say they were made on a Mac instead of a PC. Others will say they were made in an older version of Office.

But the latest alerts Emotet creates are much harder to spot. If you download one of Emotet’s new malicious documents, the fake alert looks like it’s coming from Windows Update — a part of your operating system.

Source: @catnap707/Twitter

Curiously, the alert claims you have to enable editing to update your app. This isn’t how Windows Update, Microsoft Office or any software works, for that matter.

Despite the fresh coat of paint, this new tactic from Emotet is pretty close to some of its oldest tricks.
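
The "enable editing" prompt matters because Emotet's Word documents carry a VBA macro that can only run after the reader lifts Office's protections. The sketch below is an added example, not code from the researchers or from this article: it triages an attachment's raw bytes without opening it in Word. The function names, verdict strings and sample files are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by .doc files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def triage_office_attachment(data: bytes) -> str:
    """Classify raw attachment bytes without opening them in Word."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros cannot be ruled out from the header.
        return "legacy-ole2"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = [name.lower() for name in archive.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a zip, but not an Office Open XML package
    if any(name.endswith("vbaproject.bin") for name in names):
        return "macro-present"  # VBA project that runs once content is enabled
    return "no-macro-project"


def build_sample(with_macro: bool) -> bytes:
    """Build a constructed, harmless OOXML-shaped zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes only; this is not a real VBA project.
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "docm-like (constructed)": build_sample(True),
        "docx-like (constructed)": build_sample(False),
        "legacy .doc header (constructed)": OLE2_MAGIC + b"\x00" * 16,
    }
    for label, blob in samples.items():
        print(label, "->", triage_office_attachment(blob))
```

A `no-macro-project` verdict only means no VBA project was found in the package, and `legacy-ole2` files still need an antimalware scan or sandbox before anyone opens them.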


What can I do to protect my PC from Emotet?

Just like with any other malware campaign that uses emails, you can protect yourself if you know the red flags to watch out for. Emails from unknown senders, emails with attachments, poor spelling and grammar, weird links and threatening language are all suspicious signs.

Emotet is also known to impersonate the victims it infects by cutting and pasting text from emails they’ve sent. If someone you know sends you a message with an attachment or link, we’d recommend contacting them to make sure they actually sent it.

Here are other important tips to protect yourself from Emotet attacks:

  • Always use complex passwords with alternating caps, characters, letters and numbers. Don’t ever reuse them between different accounts.
  • Avoid all emails from unknown senders. Always check senders’ email addresses closely — even if the message looks like it’s coming from someone you know.
  • Stick to browsing trusted websites. Always type out the address manually in a new tab or window without clicking any links to it.
  • Use two-factor authentication (2FA) to protect your accounts. Strong passwords can still be cracked by hackers, but they won’t have a way to access your phone remotely.

If you’re worried you’ve already fallen for Emotet, your best course of action is a virus scan. Antimalware programs like Malwarebytes know how to find and isolate the Emotet Trojan.
