Cybersecurity News

Emotet Now Spreading Through Malicious Excel Files

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found.

“Emotet’s new attack chain reveals multiple stages with different file types and obfuscated script before arriving at the final Emotet payload,” Unit 42 researchers Saqib Khanzada, Tyler Halfpop, Micah Yates and Brad Duncan wrote.

The new attack vector-discovered on Dec. 21 and still active-delivers an Excel file that includes an obfuscated Excel 4.0 macro through socially engineered emails.

The new Emotet infection method using Excel macros also has several variations, according to Unit 42.

“In other cases, Emotet uses an Excel spreadsheet directly attached to the email.”

“The encrypted.ZIP file contains a single Excel document with Excel 4.0 macros,” researchers wrote “These macros are an old Excel feature that is frequently abused by malicious actors. The victim must enable macros on a vulnerable Windows host before the malicious content is activated.”

Stay on Top of Cyber Threats!
Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Recent Cybersecurity News

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

No engagement. We answer within 24h.
Scroll to Top


Enter Your Corporate Email