NT CERT has received many reports of infections by the Emotet malware, which has been confirmed to have resumed its activity since late November 2021. The number of reports has increased in particular since the first week of February 2022.
The number of .pk email addresses that may be infected with Emotet and abused in malspam activity has increased significantly. Since current Emotet activity is almost as severe as in 2020, when Emotet infections were very active, NT CERT recommends checking whether appropriate measures against Emotet are in place.
The Emotet observed since late November 2021 is distributed mainly by email, as an Excel or Word file with macros (or as a password-protected ZIP file containing such a file). Enabling macros after opening the file leads to Emotet infection.
In addition to these methods, NT CERT has also observed cases where malicious Excel and Word files are downloaded when a link in the body of an email is clicked, and cases of Emotet infection through a link that pretends to install an application on Windows.
It is recommended not to open an attached file or link unless it can be trusted, even if the email appears to come from a business partner or acquaintance.
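As one way to check the attachment types described above at a mail gateway or during triage, the following added example (not part of the NT CERT advisory) labels attachments that are macro-capable Office files or password-protected ZIP files. The function names, labels, size limit and sample data are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
MAX_MEMBER = 10 * 1024 * 1024  # assumed cap on members unpacked for inspection

def classify_attachment(data: bytes, depth: int = 0) -> str:
    """Heuristic triage label for one attachment's raw bytes."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-office"      # may hold macros; pass to a macro scanner
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
        # Bit 0 of the general-purpose flag marks a password-protected entry,
        # which a content scanner cannot open without the password.
        if any(e.flag_bits & 0x1 for e in entries):
            return "encrypted-zip"
        if any(e.filename.lower().endswith("vbaproject.bin") for e in entries):
            return "ooxml-macro"  # macro storage inside a .docm/.xlsm package
        # Plain ZIP: inspect members one level deep, skipping oversized ones.
        inner = {classify_attachment(zf.read(e), depth + 1) for e in entries
                 if depth < 1 and e.file_size <= MAX_MEMBER}
    for label in ("ooxml-macro", "ole2-office"):
        if label in inner:
            return "zip-with-" + label
    return "zip"

def _sample_zip(name: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed ZIP; optionally set the encryption flag bits."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                             # local file header flags
        raw[raw.index(b"PK\x01\x02") + 8] |= 1  # central directory flags
    return bytes(raw)

SAMPLES = {  # constructed inputs for the example, not real malware
    "invoice.xls": OLE2_MAGIC + b"\x00" * 16,
    "report.docm": _sample_zip("word/vbaProject.bin", b"constructed"),
    "invoice.zip": _sample_zip("invoice.xls", b"constructed", encrypted=True),
    "bundle.zip": _sample_zip("invoice.xls", OLE2_MAGIC + b"\x00" * 16),
    "notes.txt": b"plain text",
}

def triage(attachments: dict) -> dict:
    return {name: classify_attachment(data) for name, data in attachments.items()}
```

A label such as `ole2-office` only means the format can carry macros; confirming that macros are present requires a dedicated macro analysis tool.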