Emotet malware distributed as fake W-9 tax forms from the IRS
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. [...]
Stay informed on Emotet, the notorious malware strain. Get the latest updates, defenses, and analysis in information security with our focused coverage.
Search across headline titles and summaries.
Background for this topic.
Emotet is a malware family first identified as a banking Trojan and later used as a modular loader and botnet. It has commonly been delivered through unsolicited email, including messages carrying malicious attachments or links. A successful infection can allow operators to collect information from a host and download additional malware, making Emotet activity relevant even when the initial payload is not the final threat.
Security teams should treat suspected Emotet exposure as a potential foothold: inspect email-borne files and links, keep operating systems and applications patched, and limit unnecessary scripting or macro execution. If an infection is suspected, isolate the host, investigate related endpoints and outbound connections, and reset credentials that may have been exposed. Threat intelligence on Emotet infrastructure can support blocking and hunting, but indicators should be handled as time-sensitive evidence rather than a substitute for endpoint and email controls.
Weekly headline count for the current query.
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. [...]
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]
The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [...]
The Emotet malware operation is again spamming malicious emails after almost a four-month "vacation" that saw little activity from the notorious cybercrime operation. [...]
The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation. [...]
While monitoring the Emotet botnet's current activity, security researchers found that the malware is now being used by the Quantum and BlackCat ransomware gang to deploy their payloads. [...]
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. [...]
Historic Hotel of America serving up modern malware to their guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks. [...]
The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. [...]
The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims computers, moving away from Microsoft Office macros that are now disabled by default. [...]
The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments. [...]
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. [...]
Microsoft now allows enterprise admins to re-enable the MSIX ms-appinstaller protocol handler disabled after Emotet abused it to deliver malicious Windows App Installer packages. [...]
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns. [...]
The notorious Emotet botnet is still being distributed steadily in the wild, having now infected 92,000 systems in 172 countries. [...]
Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability. [...]