Emotet is malware that most often infects a device when the user opens a Word file attached to an email.
It was seized and shut down by EUROPOL (European Organization of the Criminal Police) on 1/27/2021, but there have been signs of renewed activity since around 11/14/2021.
Attachments may be not only Word and Excel files but also password-protected zip files.
Emotet, which was widespread in Japan from the end of August 2019 to January 2020, appears to have temporarily resumed its activity in Japan since July 2020. Please be aware that this activity may increase in the future.
When a device is infected with Emotet, Outlook email information (authentication information for the email server, email addresses in the inbox, subject lines, etc.) is stolen, and the infection may also lead to additional infections with other malware (Qbot, TrickBot, Ryuk ransomware, Ursnif banking malware, etc.).
The stolen email information may be used to send out emails that spread the infection further.
- Regarding the resumption of email distribution activities that lead to infection with the malware Emotet (JPCERT/CC)
Please note that there are various subject lines for emails, and some may take the form of replies to stolen emails.
If you receive such an email, please do not open it, and contact the Center for Science Information.
If you have opened it and enabled the content, immediately disconnect the device from the network.
Please check that the antivirus software on your device is working properly.
Among the emails being sent out, some take the form of a reply that quotes a stolen email in the body (reply type), and others embed the stolen name, email address, etc. in the subject and in the signature of the body.
Please be careful.
Emails that have no attachment and instead contain a link in the body have also been confirmed.
Please do not access the link destination: clicking the link downloads the Emotet downloader, such as a Word file.
!!! Do not run macros in Word files that contain macros (do not press "Enable Content") !!!
【Information about Emotet】
- Alert regarding malware Emotet infection (JPCERT/CC)
- About emails that aim to infect recipients with a virus called "Emotet" (IPA)
(People you have exchanged emails with in the past)
Example of subject
Request to send invoice (number etc.)
This is the invoice. (Numbers, etc.)
Re: (Subject of previously received email)
Example of attachment file name
(Alphabet and numbers) Please send invoice.doc
(Alphabet or number) This is the invoice. .doc
(Alphabets and numbers) Notification of payment amount and issuance of invoice.doc
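
For administrators, the attachment types described in this notice (Word and Excel files, and password-protected zip files that a gateway scanner cannot look inside) can be flagged before delivery. The following is an added example, not part of the original notice; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Word/Excel extensions to flag (assumed list; the notice names only the file types).
OFFICE_EXTS = (".doc", ".docm", ".xls", ".xlsm")

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message should be held for review, if any."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXTS):
            reasons.append(f"office attachment: {name}")
        elif name.endswith(".zip") and zip_is_encrypted(part.get_payload(decode=True) or b""):
            reasons.append(f"password-protected zip: {name}")
    # A reply-style subject is normal on its own; it only adds weight to a flagged attachment.
    if reasons and str(msg["Subject"] or "").lower().startswith("re:"):
        reasons.append("reply-style subject")
    return reasons

def build_sample(encrypted: bool = True) -> bytes:
    """Constructed sample mail carrying a zip; not taken from a real campaign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The standard library cannot write encrypted zips, so only the flag bit
        # in the central directory is set here; the content itself is not encrypted.
        data[data.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Re: meeting notes"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns the reasons for the constructed message; a message without a flagged attachment returns an empty list.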