The emails are disguised to appear as if sent by disability welfare service providers and public health centers.
The scam has been seen in various prefectures of Japan, including Gifu, Osaka and Tottori.
Researchers observed malicious spam email activity posing as official notifications related to the coronavirus.

What happened?

A group of researchers reported a malspam campaign disguised as notices offering more information about preventive measures against coronavirus infection, which is currently an epidemic in China.

The emails are made to look as if they were sent by disability welfare service providers and public health centers, to gain readers’ trust.
The attackers were, in fact, distributing Emotet payloads through attachments in the emails.
The attachment promises to provide preventive measures for Japanese citizens against coronavirus infection.
The scam has been seen in various prefectures of Japan, including Gifu, Osaka and Tottori.
Prior to this, the Emotet gang had exploited similar trending events: it targeted people with custom holiday-themed emails for Christmas and Halloween, and used fake invitations to a Greta Thunberg demonstration to entice targets.

How does the coronavirus spam mail work?

Reports from the infosec community state that the malspam campaign used emails stolen from previously compromised accounts as a template to try to infect recipients. Some experts indicated that “Japanese and file names are strange in the subject” and that this makes emails look more sophisticated than other Emotet delivery efforts.

The IBM X-Force Threat Intelligence team noted that, “The subject of the email, as well as the document filenames, are similar, but not identical … They are made up of different representations of the current date and the Japanese word ‘information’, to suggest urgency.”

Some email samples also included, in the footer, the address of the institution that reported the coronavirus infection, to lend authenticity.

The purpose of Emotet attacks

Usually relying on spam email, Emotet actors try to get the potential victim to open an email attachment, which upon opening leads to the download and installation of the malware.

On opening the attachment, users typically see the standard Emotet malspam Office 365 document template, which asks them to “enable content” to view the complete document properly.
Doing this enables the macros feature in Microsoft Office, which allows the Emotet payload to be installed on the victim’s device using a PowerShell command.
Then, spam messages are sent out to reach other systems, and other malware strains are dropped, such as the TrickBot trojan, known to distribute ransomware.
Finally, the attackers harvest user credentials, browser history, and other important documents.
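
For defenders, the step described above (a macro-enabled Office document launching PowerShell) is visible in process-creation telemetry. The following is an added example, not taken from the researchers' reports: it walks each PowerShell process's ancestry and flags those descended from an Office application. The event field names and the sample events are constructed for illustration.

```python
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed sample process-creation events (hypothetical field names).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\user\Downloads\notice.doc"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c <constructed>"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -enc <constructed-placeholder>"},
    # Benign: PowerShell started by the user from the desktop shell.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Get-ChildItem"},
]

def image_name(event):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(event["image"]).lower()

def office_ancestor(event, by_pid):
    """Return the nearest Office ancestor of a process, or None."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        seen.add(parent["pid"])  # guard against loops from PID reuse
        if image_name(parent) in OFFICE_APPS:
            return parent
        parent = by_pid.get(parent["ppid"])
    return None

def find_office_spawned_powershell(events):
    """Flag PowerShell processes with an Office application in their ancestry."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if image_name(e) in POWERSHELL:
            ancestor = office_ancestor(e, by_pid)
            if ancestor is not None:
                alerts.append({"pid": e["pid"], "office": image_name(ancestor),
                               "document_cmd": ancestor["cmd"], "cmd": e["cmd"]})
    return alerts

if __name__ == "__main__":
    for alert in find_office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```

On real telemetry, PIDs are reused over time, so the lookup should be keyed on a unique process identifier or bounded by timestamps.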