Threat actors behind the Emotet Trojan are sending Christmas themed phishing emails, enticing users to open the malicious attachment.
Spotted by Cofense Labs, Emotet sends out spam emails that appear to be a Christmas party invite, by using subjects like “Christmas Party” or “Christmas Party next week”.
The invite says: “I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don’t forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”
The invites ask users to view an attached menu of the Christmas party. Once a user opens the attachment, the document requires them to “enable editing” to view, however upon clicking, embedded macros will be executed that install the Emotet Trojan.
Once installed and launched, the users’ computer will be utilised to send more spam and phishing emails, download TrickBot to steal their data and even attempt ransomware downloads.
Back in 2018, Trend Micro warned of a similar Christmas phishing campaign targeting UK users, to which they were advised to disable macros in their security settings.
During Halloween, the infamous malware was sending out spam emails inviting users to a Halloween party.