Scammers Impersonate German Authorities to Distribute Emotet

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

According to a piece by Bleeping Computer, there’s an active malspam campaign right now where scammers are impersonating various German federal authorities. Their goal is to convince the recipient of the emails about their spoofed identity and have them download the Emotet trojan on their systems. Emotet is a dangerous malware that has been around since 2014, constantly evolving and remaining relevant until today. The particular software is used as a botnet that retrieves other payloads such as the Trickbot banking Trojan or the Ryuk ransomware.

As confirmed by Cofense Labs researchers, the current Emotet campaigns are leveraging 3362 compromised systems, uses 1875 unique domains, and over 400 TLDs (top-level domains). The problem for the people is that several of the compromised systems belong to federal administration authorities, as this has been confirmed by the official IT entity in the country, the Bundesamt für Sicherheit in der Informationstechnik. This means that many of the spam messages that are sent to the people come directly through the real authorities, which makes it impossible to identify something “phishy” on the email address. Right now, the authorities are actively cleaning up the primary infections, so the effects are minimized.

The recipients of any unexpected or unsolicited emails should carefully read the message trying to find typos and mistakes that shouldn't be there. Moreover, it is never a good idea to enable macros on your office suite, unless you absolutely need it. Even then, do not download and open a document that comes in such a message. If you have received one, notify the impersonated authority immediately and share all the information that you can. Remember, your action can potentially help hundreds if not thousands of unsuspecting citizens to stay safe from this kind of scamming tricks.

In general, Emotet infections are on the rise again and have been since the mid of September. Some campaigns are impersonating the German authorities, others are using Christmas-themed lures, and others are spoofing well-known companies from the United States or the United Kingdom. Whatever the case, always stay calm and never jump into any action when you encounter a strange message in your inbox.

https://twitter.com/CofenseLabs/status/1205567226767654913

Have you received any Emotet-containing emails lately? Share the details with us in the comments down below, and share this post through our socials on Facebook and Twitter, to help our warning reach everyone out there.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: