Climate-change activist, the lure in a malware campaign

Greta Thunberg, the climate-change activist, became the lure in a massive global malware campaign.

Cybercriminals took advantage of the celebrity status of Greta Thunberg. Proofpoint Threat Insight unveiled that a global malicious email campaign delivering the Emotet malware is using the Swedish environmental activist as a lure.

The email includes the Time nomination of the climate-change activist and the Christmas holidays. This contains an attached Word document – “Support Greta Thunberg.doc”. Once the victims open the recipient, the Emotet malware is installed.

The researchers discovered emails sent in English aimed to the .com and .edu domains. Also, they mentioned that the attackers also aim country-specific domains. So, the named Australia, Canada. E.U., Japan, Singapore, Switzwerland, United Arab Emirates and the UK. Still, they noticed that there are more .edu domains attacked than those associated with any specific country.

“These attacks are not only global in their targeting but also in their use of native-language lures. Our researchers have seen malicious emails with subject lines in Spanish, Italian, French and Polish,” they said.

“Attackers choose their lures carefully: in many ways their lures are a reliable barometer of public interest and awareness,” Proofpoint researchers pointed out. The fact that they do it during the holiday season is not a random choice. It is the time of the year when people pay less attention to the security. Also, they are more likely to involve in charitable acts and in supporting activists, trying to be better for Christmas.

Emotet evolves permanently

Emotet was at the beginning, back in 2014, a banking trojan. But, since then it has been evolved and it is now a full-service threat-delivery mechanism. After a period of absence, during the summer, it reappeared in the third quarter. In fact, Proofpoint found that Emotet accounted for nearly 12 percent of all malicious email in the period.