The holiday season is upon us and bad actors also want to make the most of it by enticing the users engrossed in the festive mood. Emotet Trojan, a popular banking trojan that has been active since 2014, has started a new phishing campaign under which it is sending malicious emails with infected attachments.
First spotted by Cofense Labs, an email security company, Emotet group has started a spam campaign trying to lure their potential targets by sending them emails that resemble Christmas party invites. The emails have catchy titles like “Christmas Party next week” or “Christmas party”. The idea behind this spam campaign is to fool users into opening the emails to install Emotet Trojan and other malicious malware.
The mail asks users to open the attachment to select a thing you can bring to the party. Hilariously, it also asks users to wear their “tackiest/ugliest Christmas sweater” to the party.
Spam emails sent by Emotet Trojan have attachments having names like “Christmas party.doc” or “party menu.doc”.
When a user opens the attachment in Microsoft Word, the word processor asks them to ‘Enable editing’ or ‘Enable content’ to view it. Upon enabling the content, embedded macros are executed to install Emotet Trojan in Windows.
Once Emotet Trojan has hosted your PC, it will install TrickBot and other ransomware to steal your data.
We recommend our users to be wary of suspicious Christmas themed emails and refrain from opening attachments bundled in such emails.