Alert! Emotet Malware Makes File Size Bigger To Avoid Antivirus Detection

JAKARTA - Kaspersky experts have observed new Emotet-related activity since March 7. The malware uses file pumping, the addition of excess bytes, which makes the infected MS Office files much larger and, as a result, harder for security solutions to detect.

The malicious files, distributed via phishing emails disguised as Microsoft Office documents, have affected users around the world.

Cybersecurity experts add that the highest numbers of victims are in countries in the European Union, Asia Pacific, and Latin America.

According to Kaspersky, Emotet is malware that was originally developed as a banking trojan. Its goal is to gain access to other people's devices and spy on their sensitive personal data.

Emotet is well known for evading basic antivirus programs and hiding from them. In the ongoing campaign, the cybercriminals have introduced a technique that increases file size to avoid detection.

The technique is called file pumping and has been used by various threat actors, but this is the first time Emotet has used it in Microsoft Office documents containing malicious code.

The dangerous files have been distributed as phishing email attachments. As JCERT reports, the attackers deliberately inflate the attached ZIP archives: the malicious files exceed 500 MB. The top 10 countries affected by the related malicious campaign (percentage of affected users):

Italy - 11.8 percent
Mexico - 10 percent
Japan - 9.9 percent
Vietnam - 7.8 percent
Brazil - 5.2 percent
Indonesia - 4.8 percent
Malaysia - 4.6 percent
Germany - 3.6 percent
Thailand - 3.5 percent
Turkey - 3.5 percent
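The file pumping described above, as an added example that is not part of the article and not Kaspersky's or the malware's code: a small Python script that reproduces the attacker's step (append filler bytes to a document) and then shows two checks a scanner can run before discarding a huge attachment. It assumes the filler is a run of one repeated byte value (such as 0x00; the article does not say which byte was used) and that the document is a ZIP-based Office format, so the end of the real archive can be located from the ZIP end-of-central-directory (EOCD) record. The sample document is constructed inline, and the sizes are scaled down from the >500 MB seen in the campaign so the script runs quickly.

```python
"""Spotting a 'pumped' Office document (added illustration, not Kaspersky tooling).

Assumptions (not from the article): the padding is one repeated byte appended
after the real file, and the document is a ZIP container (.docx/.xlsm), so the
true end of the archive is the end of its EOCD record.
"""
import io
import zipfile
from typing import Optional, Tuple

PAD_RATIO_THRESHOLD = 0.90          # flag when >= 90% of the bytes are trailing filler
MIN_SUSPECT_SIZE = 1 * 1024 * 1024  # 1 MiB here; the campaign used >500 MB
EOCD_SIG = b"PK\x05\x06"
EOCD_LEN = 22                       # fixed part of the EOCD record, comment follows


def build_docx() -> bytes:
    """Constructed sample: a minimal ZIP with Office-like entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def pump(data: bytes, target_size: int, filler: bytes = b"\x00") -> bytes:
    """The attacker's step: inflate the file to target_size by appending filler."""
    if len(filler) != 1:
        raise ValueError("filler must be a single byte")
    return data + filler * max(0, target_size - len(data))


def trailing_run(data: bytes) -> Tuple[int, int]:
    """(byte value, length) of the run of identical bytes at the end of data."""
    if not data:
        return -1, 0
    last = data[-1]
    return last, len(data) - len(data.rstrip(bytes([last])))


def zip_end(data: bytes) -> Optional[int]:
    """Offset one past the end of the ZIP archive, via the last EOCD record.
    Scans the whole buffer (rfind), so padding of any length does not hide it.
    Returns None if no EOCD record is present (not a ZIP-based document)."""
    eocd = data.rfind(EOCD_SIG)
    if eocd == -1 or eocd + EOCD_LEN > len(data):
        return None
    comment_len = int.from_bytes(data[eocd + 20:eocd + 22], "little")
    return eocd + EOCD_LEN + comment_len


def analyze(data: bytes) -> dict:
    """Two cheap heuristics: a huge trailing run of one byte, or a large
    amount of data after the point where the ZIP archive actually ends."""
    pad_byte, pad_run = trailing_run(data)
    zend = zip_end(data)
    overhang = None if zend is None else len(data) - zend   # bytes after the archive
    big = len(data) >= MIN_SUSPECT_SIZE
    pumped = big and (pad_run / len(data) >= PAD_RATIO_THRESHOLD
                      or (overhang is not None and overhang >= MIN_SUSPECT_SIZE // 2))
    return {"size": len(data), "pad_byte": pad_byte, "pad_run": pad_run,
            "zip_overhang": overhang, "pumped": pumped}


def strip_padding(data: bytes) -> bytes:
    """Recover the real archive so it can be scanned at its true size."""
    zend = zip_end(data)
    return data if zend is None else data[:zend]


if __name__ == "__main__":
    clean = build_docx()
    bloated = pump(clean, 4 * 1024 * 1024)        # ~4 MiB of trailing 0x00
    print("clean  :", analyze(clean))
    print("bloated:", analyze(bloated))
    with zipfile.ZipFile(io.BytesIO(strip_padding(bloated))) as zf:
        print("recovered entries:", zf.namelist())
```

The second heuristic is the more robust one: it does not care what the filler byte is, only that real data stops long before the file does. Note that Python's standard-library zipfile module looks for the EOCD record only within the last 64 KiB of a file, so it cannot open the pumped copy at all until the padding is stripped; a scanner that relies on such a parser, or that skips attachments above a size cap, simply never sees the document.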