The operators behind the notorious Emotet malware have taken aim at United Nations personnel in a targeted attack ultimately bent on delivering the TrickBot trojan. According to researchers at Cofense, a concerted phishing campaign has been using emails purporting to be from the Permanent Mission of Norway, which maintains the Scandinavian country’s diplomatic presence in New York. The emails were sent to 600 staffers and officials across the U.N., claiming that there was a problem with a supposed “signed agreement” attached to the emails. The endgame, however, was to steal login credentials.

According to a report confirmed by Threatpost with Cofense, if a victim opened the document, a pop-up warning appeared saying, “document only available for desktop or laptop versions of Microsoft Office Word.” Users were then prompted to click a button to “enable content,” which, if clicked, actually enabled malicious Word macros. In turn, these downloaded and installed Emotet, which would then run in the background.

Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. In the case of the U.N. attacks, Emotet was seen attempting to send out spam emails to additional victims and download second-stage malicious payloads, including the TrickBot trojan, which can…
