In recent days, several countries have reported the return of Emotet.
Now, such spam emails from .ch senders have also been observed. Emotet is often hidden in Microsoft Office files and requires macros to install the malware on the IT system, e.g. a computer. These attacks can affect private users, as well as companies, authorities and critical infrastructures. The NCSC recommends being extremely cautious, especially in the case of emails with attached files.
In January 2021, Europol announced a major operation, dubbed Operation Ladybird, to disrupt Emotet, which involved taking command-and-control servers offline and having Europol take over the botnet. In recent weeks, however, security experts from all over the world have reported renewed attacks with this malware. In the past few days, Emotet has also been observed in Switzerland, with emails containing infected attachments being sent from four ".ch" addresses. The attached Excel files contain malicious macros. Therefore, the NCSC recommends, as a matter of urgency, blocking Microsoft Office documents on email gateways (.xlsm, .docm).
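A sketch of the gateway check recommended above, added here as an example and not taken from the NCSC: it flags attachments with the two extensions named in the advisory and, going one step further, any attachment that is an Office Open XML container holding a `vbaProject.bin` part (the file in which macro-enabled Office documents store their VBA code). The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory recommends blocking on email gateways.
BLOCKED_EXTENSIONS = (".xlsm", ".docm")

def has_vba_project(payload):
    """True if the payload is an OOXML (ZIP) container holding a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container, so not an OOXML document

def blocked_attachments(raw_message):
    """Return (filename, reason) for each attachment the gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "macro-enabled extension"))
        elif has_vba_project(payload):  # e.g. .xltm/.dotm, not in the extension list
            hits.append((name, "embedded VBA project"))
    return hits

def build_sample():
    """Constructed test message: placeholder attachments, no real macros."""
    def ooxml(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as archive:
            archive.writestr(member, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"] = "sender@example.ch"
    msg.set_content("See attachment.")
    for name, member in (("invoice.xlsm", "xl/vbaProject.bin"),
                         ("report.xltm", "xl/vbaProject.bin"),
                         ("notes.xlsx", "xl/workbook.xml")):
        msg.add_attachment(ooxml(member), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

The content check catches macro-enabled templates and similar formats that an extension list limited to `.xlsm` and `.docm` would let through.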