Emotet malware continues to be one of the most prolific threats in the wild and the malware’s developers are testing new delivery methods to circumvent recent Microsoft security protocols. In this latest activity, first detected by Proofpoint, Emotet threat actors were observed likely testing new tactics, techniques, and procedures (TTPs) on a small scale before employing them in a larger campaign. Specifically, the observed malicious emails contained OneDrive URLs that hosted a zip archive containing XLL files which dropped Emotet malware. This differs from past Emotet activity which utilized malicious macros embedded in Microsoft Excel or Word documents to deliver the malware and this switch is likely due to Microsoft recently blocking macros sourced from the internet by default. Emotet’s adjustments could make the malware harder to detect and ultimately more able to target organizations. Read more at Zdnet or at Proofpoint.