The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.
Emotet is a notorious malware infection that spreads through phishing emails and malicious attachments. Once installed, it will steal victims’ emails for other spam campaigns and deploy malware, such as TrickBot and Qbot, which commonly lead to ransomware attacks.
The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.
Researchers previously saw this same method being used to distribute the BazarLoader malware where it installed malicious packages hosted on Microsoft Azure.