Emotet hackers are rapidly sending out phishing email messages intended to trick recipients into believing they are receiving Christmas party menus.
The messages carry attached files that lead to malware infections. Various types of payloads can be delivered, but one of the most common is a Trojan.
Fake Party Menus Malware Delivered in Latest Emotet Campaign
An unknown hacking group has been found orchestrating a dangerous phishing campaign targeting home users. This time the criminals are using the Emotet botnet to lure victims into believing they are receiving legitimate party menus for the upcoming holidays. The emails use template contents designed to resemble plausible senders. When the messages are opened, the victims see that files are attached. As part of the scam, the subject lines of the messages are “Christmas” or “Christmas Party”.
One of the emails reads as follows:
“I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don’t forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”
The final payloads differ from campaign to campaign, and most infections are delivered via infected Microsoft Word documents attached to the emails. Note that any of the other popular document types can be used as well: presentations, spreadsheets and databases. All of them can carry the same dangerous macros that are used to deliver the malware. Commonly delivered malware includes the following:
- Trojans — These threats install a local client that establishes a secure connection to a hacker-controlled server, enabling the criminals to take control of the infected machines and steal the stored data.
- Ransomware — These are among the most dangerous virus types: they use a built-in list of target file type extensions, process the matching files with a strong cipher and render them inaccessible. The users are then blackmailed into paying the hackers a set decryption fee in return for access to their files.
- Miners — These are dangerous cryptocurrency miners that can be run from simple scripts. They download a sequence of complex mathematical tasks that place a heavy toll on the performance of the machines: CPU, memory, disk space and the GPU. For every completed task the hackers receive cryptocurrency assets directly to their wallets.
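As an added example that is not part of the original article, the following Python script shows how a mail gateway or incident responder can triage a message of the kind described above: it parses an email, checks the subject for the campaign's lure keywords, and inspects Office attachments for an embedded VBA macro project. The sample email, the attachment contents and the keyword list are constructed here for illustration; the subject keywords come from the article, and the verdict labels (allow, review, quarantine) are an assumption of this example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Lure subjects reported for this campaign (from the article above).
LURE_SUBJECTS = ("christmas", "christmas party")
# Zip-based (OOXML) Office formats that can be inspected for a macro project.
OOXML_EXTENSIONS = (".docm", ".docx", ".xlsm", ".xlsx", ".pptm", ".pptx")
# Legacy binary (OLE) formats: macro-capable, but not inspectable with a zip parser.
LEGACY_EXTENSIONS = (".doc", ".xls", ".ppt")


def has_vba_project(data: bytes) -> bool:
    """Return True if a zip-based Office document carries a VBA macro project.

    OOXML files are zip archives; a macro-enabled one contains vbaProject.bin.
    """
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report lure subject and macro attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    findings = {
        "subject_lure": any(keyword in subject for keyword in LURE_SUBJECTS),
        "office_attachments": [],
        "macro_attachments": [],
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(OOXML_EXTENSIONS):
            findings["office_attachments"].append(name)
            if has_vba_project(payload):
                findings["macro_attachments"].append(name)
        elif name.endswith(LEGACY_EXTENSIONS):
            # Cannot inspect OLE containers here; treat as macro-capable (assumption).
            findings["office_attachments"].append(name)
            findings["macro_attachments"].append(name)
    if findings["subject_lure"] and findings["macro_attachments"]:
        findings["verdict"] = "quarantine"
    elif findings["subject_lure"] or findings["macro_attachments"]:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "allow"
    return findings


def build_sample_office(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip; the macro part is a placeholder, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not macro code")
    return buf.getvalue()


def build_sample_email(subject: str, attachment_name: str, attachment: bytes) -> bytes:
    """Construct a sample message with one attachment (all addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("I have attached the menu for the Christmas Party next week.")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_email("Christmas Party", "Christmas_Menu.docm", build_sample_office(True))
    print(triage_message(lure))
```

The verdict only combines two signals (lure subject and a macro-bearing attachment), so in practice it would feed a broader scoring pipeline rather than block mail on its own; the point is that the macro check inspects the attachment's structure rather than trusting its extension.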