Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign

Written by

The Emotet malware has continued to climb the rankings of Check Point’s Most Wanted Malware List in March thanks to a new campaign relying on spam emails containing a malicious OneNote file.

The threat is now second on the list, one spot up from February’s report. The campaign responsible for its growth in adoption lures victims to open a malicious OneNote file that installs the malware.

Once installed, Emotet can gather login credentials and contact information to expand the campaign’s reach and facilitate future attacks. The new technique, according to the Check Point report, is a result of Microsoft announcing blocking macros from Office files.

Read more on this trend here: Hackers Change Tactics for New Post-Macro Era

“We know that Emotet is a sophisticated Trojan, and it is no surprise to see it has managed to navigate Microsoft’s latest defenses,” explained Maya Horowitz, VP of research at Check Point Software.

“The most important thing people can do is make sure they have appropriate email security in place, avoid downloading any unexpected files and adopt healthy skepticism about the origins of an email and its contents.”

As for the rest of the malware in Check Point’s latest Most Wanted report, the Qbot banking trojan has retained its top spot. At the same time, the Formbook infostealer is now in third position after being overtaken by Emotet.

In the mobile landscape, the AhMyth RAT was the most wanted malware in March, replacing the Anubis banking Trojan, which is now in second position. Hiddad is third, down one spot from February.

The top exploited vulnerability in March was a remote code execution vulnerability in Apache Log4j (CVE-2021-44228). The second spot was taken by various HTTP headers remote code execution (RCE) flaws (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) and the third one by an RCE in MVPower DVR devices.

The list also includes the top-attacked industries globally.

What’s hot on Infosecurity Magazine?