Emotet Uses Coronavirus, Microsoft Azure Flaws & UN Kept Hack under Wrap!

It is Thursday, January 30th, 2020, and here are today’s most pressing cyber stories we need to know about.


Emotet Uses Coronavirus Scare to Infect Japanese Targets


A malspam campaign is actively distributing Emotet payloads via emails that warn the targets of coronavirus infection reports in various Japanese prefectures, including Gifu, Osaka, and Tottori.

To scare potential victims into opening malicious attachments, the spam emails — camouflaged as official notifications from disability welfare service providers and public health centers — promise that the attachments contain more details on preventative measures against coronavirus infections.

The Emotet gang is known for taking advantage of trending current events and approaching holidays by sending out targeted custom templates, such as invites to a Greta Thunberg demonstration or to Christmas and Halloween parties.

They are doing it again in this campaign, exploiting for their own malicious purposes an ongoing global-scale health crisis triggered by infections with the 2019 novel coronavirus (2019-nCoV) strain, which causes respiratory illness.

According to reports from the infosec community, this campaign is using stolen emails from previously compromised accounts as a template in an attempt to infect recipients with Emotet.

However, others point out that "Japanese in the subject and file names is strange" and that this "looks more sophisticated than other Emotet distribution attempts."

"The subject of the emails, as well as the document filenames are similar, but not identical," a report from IBM X-Force Threat Intelligence explains.

"They are composed of different representations of the current date and the Japanese word for 'notification', in order to suggest urgency."