A malicious Trojan is doing the rounds among Australian email inboxes, prompting a warning from the Australian Cyber Security Centre (ACSC).
The Trojan, dubbed ‘Emotet’, directs recipients to open a Word attachment disguised as a statement, agreement or invoice, and is being distributed from a large number of compromised email addresses.
Described as “highly sophisticated in nature” by Melbourne-based security firm MailGuard, the virus outbreak has sparked a ‘Level 3 alert’ from the ACSC via its Cyber Incident Management Arrangements (CIMA).
“The ACSC is working closely with state and territory governments to limit the spread of this computer virus and to provide technical advice and assistance and to support organisations that are affected,” ACSC head Rachel Noble said.
“If Emotet infects your computer, it will open up a backdoor that will allow the cyber criminal to inject ransomware that could freeze your network.”
According to MailGuard, the Trojan, which is difficult to detect by anti-virus software, is unleashed if the user clicks on the Word attachment, which contains a macro that directs them to “Enable Content”.
Upon ‘enabling content’, the macro can run and the payload in the attachment executes. Hackers can then take control of the victim's computer and spread malware.
“It is likely that once a user account is infected, the malware will forward itself to all the users’ email contacts, increasing the likelihood of further infection,” a blog post by MailGuard stated.
Issuing advice to potential victims, the ACSC reminded users to lock macros, alert staff to the virus and what to look for, maintain firewalls and scan networks.
In addition, businesses are directed to develop an incident response plan, maintain offline backups and implement complementary security controls.
“Cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge,” Noble added.
The ACSC also warned users whose systems are shut down by ransomware not to pay the hackers, adding: “There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks.”