
Emotet phishing campaign resumes after bug fix

Emotet malware operators have restarted their newly launched phishing campaign after fixing a bug that prevented infections when malicious email attachments were opened, BleepingComputer reports. The campaign, launched on Friday, delivers password-protected ZIP attachments containing Windows LNK files that impersonate Word files; double-clicking the LNK file executes a command that eventually triggers a Visual Basic Script file. However, the command referenced a static shortcut name that differed from the actual name of the file, which caused the command to fail, according to Cryptolaemus. The campaign was shut down immediately after the flaw was discovered, and Emotet addressed the issue yesterday, resuming delivery of malicious emails whose commands now refer to the proper file names. Several email attachments leveraged in the relaunched Emotet campaign have been detailed by email security firm Cofense.
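A mail-gateway style check for the delivery format described above, added here as an example and not taken from the report or from any vendor tooling: it reads member names from the ZIP central directory, which standard ZIP encryption leaves unencrypted, and flags shortcut files without needing the password. The function names, the `DOC_HINTS` list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: illustrative list of document extensions a lure may imitate.
DOC_HINTS = (".doc", ".docx", ".rtf", ".pdf")


def flag_zip_members(zip_bytes):
    """Return (name, encrypted, reasons) for each .lnk member of a ZIP.

    Only the central directory is read, so password-protected archives
    can be triaged without decrypting any member.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Windows ignores trailing dots and spaces in file names.
            lower = info.filename.lower().rstrip(". ")
            if not lower.endswith(".lnk"):
                continue
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0
            reasons = ["lnk-in-archive"]
            if encrypted:
                reasons.append("password-protected")
            if lower[:-4].endswith(DOC_HINTS):  # e.g. "name.doc.lnk"
                reasons.append("double-extension")
            findings.append((info.filename, encrypted, reasons))
    return findings


def build_sample(names, encrypted=True):
    """Constructed test archive; entries are only *marked* as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:
        data[pos + 8] |= 0x01  # set the encryption bit in the central header
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    sample = build_sample(["Invoice.doc.lnk", "readme.txt", "Form.lnk"])
    for name, encrypted, reasons in flag_zip_members(sample):
        print(f"{name}: {', '.join(reasons)}")
```

An encrypted archive that contains a shortcut file is rarely legitimate business mail, so either signal alone is usually enough to quarantine the message for review.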
