Germany’s federal cybersecurity agency BSI is warning of an active malspam campaign that aims at distributing the Emotet banking Trojan.
The malicious messages camouflaged to look like messages delivered by German federal authorities. According to the BSI, attackers have already infected with the Emotet banking Trojan several of federal
“Currently, increasingly spam – mails sent several federal agencies with malicious attachments or links in their names. The Federal Office for Information Security ( BSI ) calls for special caution and warns against opening these emails and links.” reads the security alert published by the BSI. “Several confirmed Emotet infections in federal administration authorities have been reported to the BSI in the past few days.”
BSI is currently investigating other infections and is working with all concerned German authorities to mitigate the exposure to the threat.
Fortunately, authorities were able to detect the threat and cleaned up the infected systems.
Experts warn that Emotet spam messages arrive at the victims as replies to already existing email conversations to trick them into thinking that they are legitimate messages.
“For this purpose, the sender name should be checked carefully, not just the displayed name. The mail should be checked carefully for inconsistencies. If in doubt, you should clarify by telephone with the alleged sender whether an email was actually sent by the sender.” concludes the report. “In addition, the execution of macros when opening Office documents should be avoided and at best prevented centrally.”
The Emotet banking trojan has been active at least since 2014, the
In 2019, security experts haven’t detected any activity associated with Emotet since early April, when researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and uses them as Proxy C2 servers.
The researchers observed hundreds of thousands of messages were sent as part of this distribution effort.
In November, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) warned businesses and
(SecurityAffairs – Emotet Trojan, BSI)