Emotet Gang Switches to Highly Customized Templates Utilizing Stolen Email Content from Victims

Beginning the morning of April 9th, the Emotet gang started using what appears to be stolen emails taken from their victims. A new module capable of stealing email content from a victim's machine was first noted back in October 2018, but until now there was no evidence of real widespread use. This marks a major evolution in the way Emotet operates.

Turning a blind eye: How end-users and NLP AI are being tricked by clever phishing techniques like ZeroFont

Overview

Recently, an older email security detection bypass technique was seen successfully evading Microsoft's spam and phishing filters. The technique combines two methods and was dubbed "ZeroFont Phishing" by Avanan. In ZeroFont Phishing, attackers insert random strings inside the keywords or phrases that many AI-based filters rely on to identify malicious or suspicious content. The inserted strings are wrapped in HTML span tags whose CSS font-size is set to zero, so they are invisible to the end user, yet they appear to neuter the ability of existing Natural Language Processing (NLP), Machine Learning (ML), and Artificial Intelligence (AI) systems to understand the plaintext of the email. In most implementations, NLP tries to understand the meaning of the email text to determine context and patterns that assist in overall classification; a keyword split by invisible characters no longer matches what the model was trained on. These methods are not new, so we decided to take a deeper look at these older techniques and explore potential variants that could have similar results.
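The following is an added example, not code from the original article or from Avanan, that shows the ZeroFont trick end to end: a constructed phishing fragment with random strings injected inside keywords via zero-font span tags, the text a naive filter sees when it simply strips tags, and the text the recipient actually sees once zero-font content is dropped. The sample HTML, the keyword list and the regex for spotting a zero font size are assumptions chosen for illustration; it only inspects inline style attributes, not stylesheet rules.

```python
"""ZeroFont Phishing demo (added example, not from the original page).

Shows why splitting keywords with zero-font spans defeats a text classifier
that strips tags but keeps all text, and how normalising the HTML to the
recipient's view restores the keywords. All inputs below are constructed.
"""
import re
from html.parser import HTMLParser

# Constructed sample: "Verify", "account" and "Bank" each have a random
# string injected inside them, hidden by a zero font size in several spellings.
SAMPLE_HTML = (
    '<p>Please <span style="font-size:0">qx7</span>Ver'
    '<span style="font-size: 0px">ab</span>ify your acc'
    '<span style="FONT-SIZE:0em">zz</span>ount with Ba'
    '<span style="font-size:0pt">k9</span>nk Secure.</p>'
)

# Assumed heuristic: matches font-size of 0 in any unit, case-insensitive,
# whether or not it is followed by ';' or '!important'.
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$|!important)",
    re.I,
)

# Assumed keyword list standing in for the classifier's vocabulary.
KEYWORDS = ("verify", "account", "bank")


class TextExtractor(HTMLParser):
    """Collects text nodes from HTML.

    With drop_zero_font=True, text inside any element whose inline style sets
    font-size to zero (including nested descendants) is skipped, which
    approximates what the recipient actually sees on screen.
    """

    def __init__(self, drop_zero_font):
        super().__init__()
        self.drop_zero_font = drop_zero_font
        self.parts = []
        self.depth = 0      # > 0 while inside a zero-font region
        self.stack = []     # (tag, started_hidden_region) per open element

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hidden = bool(self.drop_zero_font and ZERO_FONT.search(style))
        self.stack.append((tag, hidden))
        if hidden:
            self.depth += 1

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; unclosed void tags such as <br>
        # are discarded on the way so they cannot desynchronise the stack.
        while self.stack:
            open_tag, hidden = self.stack.pop()
            if hidden:
                self.depth -= 1
            if open_tag == tag:
                break

    def handle_data(self, data):
        if self.depth == 0:
            self.parts.append(data)

    def text(self):
        return " ".join("".join(self.parts).split())


def _extract(html, drop_zero_font):
    parser = TextExtractor(drop_zero_font)
    parser.feed(html)
    parser.close()
    return parser.text()


def classifier_view(html):
    """Text a naive filter sees: tags stripped, every text node kept."""
    return _extract(html, drop_zero_font=False)


def recipient_view(html):
    """Text the human sees: zero-font content removed before analysis."""
    return _extract(html, drop_zero_font=True)


def keyword_hits(text):
    """Keywords found in the text, in vocabulary order."""
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]


if __name__ == "__main__":
    for label, view in (("naive filter", classifier_view),
                        ("recipient", recipient_view)):
        text = view(SAMPLE_HTML)
        print(f"{label:>13}: {text!r} -> hits {keyword_hits(text)}")
```

The naive view yields "Please qx7Verabify your acczzount with Bak9nk Secure." and matches no keywords, while the recipient view yields "Please Verify your account with Bank Secure." and matches all three. Running classification on the normalised view is the obvious fix, but note the caveat the article itself raises about variants: the same effect can be had with stylesheet classes, `display:none`, text coloured to match the background, or tiny but non-zero sizes, none of which this inline-style check catches.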