Christmas-themed phishing at work

Christmas-themed phishing lures hit users’ emails from spammers behind Emotet. According to researchers, Cofense Labs discovered the phishing emails.

The attackers are trying to gain legitimacy with subject lines such as “Christmas” or “Christmas Party”. One phishing email posted to Twitter by the Cofense Labs read:

“I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don’t forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”

Usually, these emails have malicious Word documents attached. Thus, two of their names are “Party Meny” and “Annual Holiday Lunch”. In order to read them, users have to “enable editing”. But clicking on the button executes embedded macros to install the Emotet Trojan. Once installed, the hackers can attempt ransomware downloads, send more spam and phishing emails.

Emotet’s evolution

Emotet was at the beginning a banking Trojan. Then, hackers rewrote it to act as a malware loader. Its operators sell access for anyone interested to use it as a malware distribution network.

In just nine months, between January and September 2018, Emotet malware was detected and removed over 1.5 million times, according to Malwarebytes. In July, US-CERT decided to realease an alert about it and its capabilities, which means the threat became very serious.

Christmas-themed phishing is not at all uncommon. In 2018, such a campaign targeted users in the United Kingdom. Trend Micro warned them at the time and worked to convince them automatically disable micros in their security settings.

Such moments are the ones preferred by hackers. When people are more relaxed and think about the nice things, they tend to forget that there are many serious threats in the online world. So, they pay less attention to the source of the messages they receive and tend to open such kind of emails.