Emotet

Just in time for the holidays, the Emotet Trojan gang has started to send Christmas themed emails that they hope will entice you to open their attachments and become infected. They even want you to wear your ugliest Christmas sweater!

When the Emotet crew sends out a spam campaign, their main goal is to get the recipient to open the attached malicious document so they are infected with the Emotet Trojan and other malware.

This is typically done using a variety of email themes such as payment invoices, payment receipts, shipping details, voicemails, and eFaxes. 

During the major holidays, Emotet takes a more festive mood by sending out holiday-themed emails that invite you to Halloween, Thanksgiving, and now Christmas parties.

Emotet wants to invite you to a party

In a new spam campaign first noted by email security company Cofense Labs, Emotet has started to send out spam emails that impersonate a Christmas party invite using subjects like "Christmas Party next week" or "Christmas party". 

These invites ask you to view an attached menu, select something to bring, and wear your ugliest Christmas sweater to the party.

Christmas party invite from Emotet

The full text of this email is:

#HAPPYHOLIDAYS

I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know.

Don't forget to get your donations in for the money tree.

Also, wear your tackiest/ugliest Christmas sweater to the party.

A later batch of spam emails pretends to be looking for the recipient's holiday schedule and uses mail subjects like:

holiday schedule 2019-2020
Our holiday schedules
holiday
holiday schedule

Attached to these emails are malicious Word documents with names like 'Christmas party.doc' and 'Party menu.doc'.
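For mail administrators, the subjects and attachment names above can be turned into a simple triage check. The following is an added example, not code from the article or from the vendors it cites; the function names and the sample messages are constructed for illustration, and the attachment bytes are inert filler.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects and attachment names quoted in the article, lowercased.
SUBJECTS = {"christmas party next week", "christmas party",
            "holiday schedule 2019-2020", "our holiday schedules",
            "holiday", "holiday schedule"}
ATTACHMENTS = {"christmas party.doc", "party menu.doc"}
# Header of the legacy OLE2 container used by binary .doc files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Reply/forward prefixes are stripped before the subject is compared.
PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.I)

def triage(raw):
    """Return the campaign traits a raw message matches (empty list if none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = PREFIX.sub("", str(msg["Subject"] or "")).strip().lower()
    if subject in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            reasons.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        # A .doc that really is an OLE2 file is a format that can carry macros.
        if name.endswith(".doc") and payload.startswith(OLE2_MAGIC):
            reasons.append("ole2-doc")
    return reasons

def build_sample(subject, filename, data):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("I have attached the menu for the Christmas Party next week.")
    m.add_attachment(data, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("RE: Christmas party", "Party menu.doc",
                        OLE2_MAGIC + b"\0" * 16)
    print(triage(lure))
```

A subject match alone is weak evidence, since "holiday" is a common subject line; the check is more useful when a subject hit coincides with a legacy .doc attachment.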

According to Microsoft, who also saw this new Christmas campaign, when a user opens the attachment, the document states that the recipient must click on 'Enable Editing' or 'Enable Content' in order to view it.

Malicious Word Document

When a user enables the content, though, embedded macros will be executed that install the Emotet Trojan in Windows.

Once Emotet is launched, your computer will be used to send further spam, download TrickBot to steal your data, and possibly end with a ransomware stocking stuffer.

If you receive an email with an invite to a Christmas party, don't let Emotet be a grinch, and simply do not open the attachment.
