Usually, downloading a Windows 10 update is a good thing – it means your machine is about to get some tasty new features, stability and performance improvements, or a crucial security patch to keep your data out of the hands of cybercrooks. Unfortunately, bad actors also realise that Windows 10 updates are incredibly trusted. As such, the Emotet malware campaign has decided to leverage the trust that Windows 10 users have in the latest update from Microsoft to try to infect more machines.
Cybercriminals are sending emails with an attachment that claims to be from the Windows Update team that instructs Windows 10 users to upgrade their version of Microsoft Word, Bleeping Computer reports.
Unfortunately – as you’ve probably guessed – there is no update for Microsoft Word and opening the file attached to the email, or downloading the file found at the link in the body of the email, will infect your computer with the vicious Emotet malware. Cybercrooks will prompt users to hit the “Enable Content” option when opening the files as this allows macros to run on their device – which is needed to install the Emotet Trojan.
With legitimate Windows 10 and Microsoft Word updates, there is no need to enable an option like this. So, that should flag to some users that this isn’t the usual update process – and that something might be fishy. However, Emotet is clearly having some success with this method as cybercrooks have used a number of slight variations on this theme in the past.
In order to trick users into downloading and enabling these macros to run, criminals have previously told misinformed users that the attachments were needed to update Windows 10 Mobile, Office 365 as well as the Widows Office Activation Wizard.
Microsoft warns its users: “Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer. Any communication with Microsoft has to be initiated by you. Download software only from official Microsoft partner websites or the Microsoft Store. Be wary of downloading software from third-party sites, as some of them might have been modified without the author’s knowledge to bundle support scam malware and other threats.”