Experts discovered a massive global Emotet malware campaign that uses the Swedish climate-change activist Greta Thunberg as a lure.
The teenage climate-change activist and Time Person of the Year, Greta Thunberg, inspires people all around the world. Apparently, this includes cybercriminals.
The copy within the email includes a few different themes:
- The renowned Swedish environmental activist Greta Thunberg
- The Christmas holidays
- Environmental awareness and activism
- Time Magazine’s recent naming of Thunberg as their Person of the Year
Researchers noted that the emails contain an attached Microsoft Word document named “Support Greta Thunberg.doc”. When the recipient opens it, the Emotet malware installs itself.
“These attacks are not only global in their targeting but also their use of native-language lures. Our researchers have seen malicious emails with subject lines in Spanish, Italian, French and Polish. You can find examples of the lures and subject lines we’ve seen in these languages as well as English at the end of this blog.” reads the analysis published by Proofpoint.
“Attackers choose their lures carefully: in many ways their lures are a reliable barometer of public interest and awareness,” Proofpoint researchers noted.
Proofpoint researchers have observed spam messages sent at email addresses in the .com and .edu domains, as well as domains associated with specific countries, including Australia, Austria, Canada, European Union, Germany, Italy, Japan, Singapore, Switzerland, United Arab Emirates, and the U.K.
The Emotet banking trojan has been active since at least 2014. The botnet is operated by a threat actor tracked as TA542. After a period of hibernation over the summer, it has surged in the third quarter; Proofpoint found that Emotet accounted for nearly 12 percent of all malicious emails in the period.
Meanwhile, in addition to the Thunberg campaign, Germany’s Federal Office for Information Security (BSI) announced this week that Emotet-laden spam emails with malicious attachments or links are currently being sent on behalf of several federal agencies.
Secure Your Organization’s Mind with Securemind.se