Emotet: Macro shutdown has an effect

The Trojan Emotet is on the decline, as the current malware top ten from Check Point shows. The reason, apparently, is Microsoft's decision to block macros in Office programs by default. […]

After repeatedly topping the "Most Wanted Malware" list of Check Point Software Technologies, with a distribution rate of 10 percent in March and as much as 18 percent in February, the Trojan Emotet is on the decline, at least in Switzerland. In April 2022, the Trojan comes in "only" third place there with a rate of 1.5 percent, a rank it shares with the infostealer Formbook.

Emotet is still at the top worldwide. But globally, the prevalence rate has also fallen from 10 percent in March to 6 percent in April.

Every month, the cybersecurity specialist uses its malware "hit parade" to identify the malware types that the Check Point research team has most frequently found and filtered out on corporate computers in Switzerland and worldwide.

Macro-blocking works

According to the security researchers at Check Point, one reason for the significantly lower distribution of Emotet is that, since April 2022, Microsoft has been blocking by default VBA (Visual Basic for Applications) macros in Office files downloaded from the Internet.

However, Check Point cannot give the all-clear, because the cybercriminals have apparently discovered a new method of spreading Emotet. For example, phishing emails containing a OneDrive URL have recently been sent. Behind the URL are ZIP files that contain Microsoft Excel add-in files (XLL) with a name similar to the subject line of the email. If these XLL files are opened and executed, Emotet infects the Windows PC. In addition, information is often stolen or backdoors are created for use by other malware.
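A triage check for the delivery chain described above, added here as an example and not taken from Check Point or the original article: it lists XLL members of a ZIP archive, confirms whether each is a PE file (XLL add-ins are DLLs), and flags names that resemble the email subject. The function names, the 0.6 similarity threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from difflib import SequenceMatcher
from pathlib import PurePosixPath


def norm(text):
    """Lower-case and collapse punctuation so 'Invoice_April' ~ 'Invoice April'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def triage_zip(zip_bytes, subject, threshold=0.6):
    """Return one finding per .xll member of the archive.

    threshold is a hypothetical similarity cut-off, not a value from the article.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or path.suffix.lower() != ".xll":
                continue
            encrypted = bool(info.flag_bits & 0x1)
            is_pe = None  # unknown when the member cannot be read
            if not encrypted:
                with zf.open(info) as fh:
                    is_pe = fh.read(2) == b"MZ"  # XLLs are DLLs (PE files)
            score = SequenceMatcher(None, norm(path.stem), norm(subject)).ratio()
            findings.append({
                "name": info.filename,
                "encrypted": encrypted,
                "is_pe": is_pe,
                "subject_match": score >= threshold,
            })
    return findings


def build_sample_zip():
    """Constructed, harmless sample: the 'XLL' is an MZ stub padded with zeros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_April_2022.xll", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip(), "Invoice April 2022"):
        print(finding)
```

Password-protected members are reported with `encrypted` set and `is_pe` left as `None`, so they can be routed to manual review instead of being silently skipped.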

| Rank | Malware family | Type of malware | Global distribution |
|------|----------------|-----------------|---------------------|
| 1 | AgentTesla | Remote Access Trojans | 2.45% |
| 2 | Mirai | IoT Malware | 1.29% |
| 3 | Emotet | Trojan | 6.43% |
| 3 | Formbook | Infostealer | 3.42% |
| 5 | Qbot | Banking Trojans | 0.90% |
| 6 | Lake Tofsee | Trojans with reloading function | 0.97% |
| 7 | Seraph | Downloader | 0.46% |
| 8 | Crackonosh | Cryptominer | 0.73% |
| 8 | Remcos | Remote Access Trojans | 1.08% |
| 8 | BLINDINGCAN | Remote Access Trojans | 0.48% |

*Jens Stark is an author at COM!professional.
