{
	"id": "0a7f5e10-edd5-4fda-9d39-073ab95d1ff2",
	"created_at": "2026-04-06T02:12:17.13071Z",
	"updated_at": "2026-04-10T13:12:39.268903Z",
	"deleted_at": null,
	"sha1_hash": "17f331c0771145690da89b72c5a2b9a0bb9175a3",
	"title": "Emotet double blunder: fake \u0026lsquo;Windows 10 Mobile\u0026rsquo; and outdated messages",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1215815,
	"plain_text": "Emotet double blunder: fake \u0026lsquo;Windows 10 Mobile\u0026rsquo; and\r\noutdated messages\r\nBy Ionut Ilascu\r\nPublished: 2020-09-22 · Archived: 2026-04-06 02:03:33 UTC\r\nThe Emotet botnet has switched up their malicious spamming campaign and is now heavily distributing password-protected\r\narchives to bypass email security gateways.\r\nThis campaign started on Friday with documents claiming to be created on the expired Windows 10 Mobile and continued\r\nwith a large volume of messages pretending to be made on Android.\r\nDumb and dumber\r\nTrying to trick users into enabling macros to see documents created on a different operating system may be a convincing\r\nstratagem but using Windows 10 Mobile (since the beginning of the month) is a blunder since the OS reached end of life in\r\nJanuary 2020.\r\nhttps://www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nMicrosoft says that Emotet switched the ruse on Monday and started to deliver documents claiming to be made on Android\r\nand that “Enable Content” (thus activating embedded macro code) needs to be clicked to view the document.\r\nsource: Microsoft\r\nEmotet operators blundered again by using outdated text in the email subject and body. This should be a clear tell for\r\nrecipients, making it easy for them to spot the compromise attempt.\r\nMicrosoft announced early today that Emotet targeted various regions of the world with localized emails. 
Some of the\r\nlanguages used are English, French, and Italian.\r\nThe theme varies from invitations to meetings and order confirmations to reports, all of them being compressed into a\r\npassword-protected archive.\r\nAfter recipients extract the attached document using the password provided in the email body and open it, they launch the\r\nembedded malicious macro that downloads the Emotet payload (some sources indicate it is QakBot in most cases).\r\nHowever convincing the messages may be, as seen in the screenshots from Microsoft, they are obsolete, mentioning dates\r\nfrom 2013 and 2014.\r\nsource: Microsoft\r\nOperation Zip Lock has been ongoing for weeks\r\nWhile Microsoft noticed this campaign on Friday, the Cryptolaemus group of researchers fighting Emotet say that this has\r\nbeen happening for so many weeks that they named it Operation Zip Lock.\r\nEmotet used password-protected archives in the first half of 2019 (confirmed by Trend Micro) but Cryptolaemus says that this\r\ntime the distribution is through Epoch 3 - a subgroup of the botnet with separate infrastructure.\r\nThe group says that organizations in Japan were targeted this way since at least September 1 and that the method then slowly\r\npropagated to Epoch 1 and 2 this month, being used by all three Emotet Epochs starting September 14.\r\nLast week, TrickBot pulled a similar stunt by sending out documents with protected access. They were not archived, though.\r\nThe lures varied from orders, invoices, documents, and the less and less common \"new coronavirus case\" theme.\r\nSource: https://www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/"
	],
	"report_names": [
		"emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages"
	],
	"threat_actors": [],
	"ts_created_at": 1775441537,
	"ts_updated_at": 1775826759,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/17f331c0771145690da89b72c5a2b9a0bb9175a3.pdf",
		"text": "https://archive.orkl.eu/17f331c0771145690da89b72c5a2b9a0bb9175a3.txt",
		"img": "https://archive.orkl.eu/17f331c0771145690da89b72c5a2b9a0bb9175a3.jpg"
	}
}