Threats via email worsened in the first four months of 2022, growing by 37% compared to the last four months of 2021. The conclusion is from the ESET Threat Report T1 2022, which compiles key statistics from ESET’s detection systems.
Despite active phishing activity, it is the spam email campaigns carrying malicious documents from the Emotet banking trojan family that are cited as the main reason for this growth. In March, ESET saw a spike in large-scale Emotet email campaigns detected as variants of DOC/TrojanDownloader.Agent. This increase was also recorded in Portugal and corresponds to some of the 10 main threats detected in the country in the first four months of the year.
829% increase
Globally, the incidence of DOC/TrojanDownloader.Agent in mailboxes was such that ESET recorded an increase of 829% compared to detections of variants in the last quarter of 2021. DOC/TrojanDownloader.Agent represents malicious Microsoft Word documents that download other malware from the Internet. The countries most affected by the renewed Emotet campaigns were Japan, Italy and Spain.
However, this campaign preceded Microsoft’s decision to disable downloaded Visual Basic for Applications (VBA) macros by default in Office programs, one of the main distribution routes used by Emotet. That is, in the future, the operators of this family of trojans will be forced to look for new avenues of attack.
Malicious attachments
Another threat distributed as email attachments, and via Discord, with substantial growth in Q1 was MSIL/TrojanDownloader.Agent, which grew by 130% compared to Q4 2021. This malware attempts to download other malware via various methods, usually containing a URL or a list of URLs leading to the final payload. In Portugal, MSIL/TrojanDownloader.Agent was the third biggest threat detected in the first quarter.
Among the types of malicious attachments distributed via email in Q1 2022, more than half were Windows executable attachments (55%). Script files (30%) and Office documents (10%) were also popular with cybercriminals. The prevalence of Office files doubled in this period due to Emotet's activity, but is expected to decrease in the future because that distribution route is being blocked.