Security Awareness – Emotet Propagating via Fake Software Installers

The nefarious Emotet malware, which recently reappeared, continues to evolve its propagation methods. The malware is now being delivered by malicious Windows App Installer packages that profess to be Adobe PDF software. WaterISAC previously reported on the reemergence of this malware that spreads via phishing emails and malicious attachments, and often leads to ransomware attacks. The threat actors behind Emotet are currently compromising systems by installing malicious software using a built-in feature of Windows 10 and Windows 11 called App Installer. Using information from security researchers, BleepingComputer has mapped this new Emotet campaign. The scam begins with stolen reply email chains that ask users to click on a link that says “Please see attached.” After clicking the link, the user is brought to a fake Google Drive page that asks them to click on “Preview PDF.” Once users agree to open the PDF, a window opens prompting users to install the “Adobe PDF Component.” Members are encouraged to share this recent tactic with users as part of security awareness reminders. Read more at BleepingComputer.