Cybercriminals behind Emotet, one of the most prolific botnets in recent history, have ramped up a new Christmas-themed phishing campaign. It lures victims into opening malicious Word attachments presented as the "menu" for an upcoming Christmas party.
See the hashes, the engines that are detecting this sample, and other details in PolySwarm:
Christmas Party.doc -> https://polyswarm.network/scan/results/c4b7066a-5da2-413d-940e-4014f64478a4
By using subject lines like “Christmas” or “Christmas Party”, the attackers are clearly tapping into the timeliness of the holiday to get their victims to click.
One of the phishing emails reads as follows:
“I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don't forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”
Once Emotet is installed, victims can be subjected to follow-on ransomware downloads, spam, and further phishing emails sent from the compromised host.
Emotet is well known as a banking Trojan, but it has taken on additional functionality as a malware loader, using infected victims as a distribution network for other malware.
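The campaign above combines a holiday-themed subject line with a legacy Word (.doc) attachment. A first-pass mail triage can key on exactly those two things: hash every attachment so it can be looked up in PolySwarm, then flag OLE-container documents that carry VBA project markers. The script below is an added example, not PolySwarm's code or anything from the Emotet operators. The lure vocabulary, the placeholder addresses, and the two sample messages are all constructed here; the "document" payload is a byte string that mimics a few OLE stream names and one macro source line and is not a valid Word file.

```python
"""Triage an .eml for macro-bearing Office attachments behind a holiday lure.

Added example, not PolySwarm's code. The sample messages below are constructed
inline; the "document" is a byte string that mimics a few OLE/VBA markers and
is not a valid Word file.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Compound File Binary (OLE2) header, the container used by legacy .doc/.xls.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Assumed lure vocabulary for this campaign; tune per season/campaign.
LURE_TERMS = ("christmas", "christmas party", "holiday", "menu")
OFFICE_EXTS = (".doc", ".dot", ".docm", ".xls", ".xlsm", ".rtf")
# OLE directory entries store stream/storage names as UTF-16LE; VBA source is
# normally compressed, but "Attribute VB_" often survives in the first chunk.
MACRO_MARKERS = tuple(n.encode("utf-16-le") for n in ("Macros", "VBA", "_VBA_PROJECT"))
MACRO_MARKERS += (b"Attribute VB_",)


def subject_is_lure(subject: str) -> bool:
    s = subject.lower()
    return any(term in s for term in LURE_TERMS)


def analyze_attachment(filename: str, data: bytes) -> dict:
    """Hash the attachment (for a PolySwarm lookup) and check for macro indicators."""
    markers = [m for m in MACRO_MARKERS if m in data]
    return {
        "filename": filename,
        "sha256": hashlib.sha256(data).hexdigest(),
        "office_ext": filename.lower().endswith(OFFICE_EXTS),
        "ole_container": data.startswith(OLE_MAGIC),
        "macro_markers": len(markers),
    }


def triage_eml(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "") or "")
    lure = subject_is_lure(subject)
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append(analyze_attachment(part.get_filename() or "unnamed", data))
    suspicious = [a["filename"] for a in attachments
                  if a["ole_container"] and a["macro_markers"] > 0]
    if suspicious and lure:
        verdict = "high"      # holiday lure + OLE document with VBA markers
    elif suspicious:
        verdict = "medium"    # macro document without a recognised lure subject
    elif lure and any(a["office_ext"] for a in attachments):
        verdict = "low"       # lure subject, Office file, no macro evidence
    else:
        verdict = "none"
    return {"subject": subject, "lure_subject": lure, "attachments": attachments,
            "suspicious": suspicious, "verdict": verdict}


def build_eml(subject, body, filename, payload, maintype, subtype) -> bytes:
    """Constructed test message; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed stand-in for a macro-laden .doc: OLE header plus the stream names
# a VBA project leaves in the directory and one line of macro source.
FAKE_MACRO_DOC = (
    OLE_MAGIC + b"\x00" * 24
    + "Macros".encode("utf-16-le") + b"\x00\x00"
    + "VBA".encode("utf-16-le") + b"\x00\x00"
    + "_VBA_PROJECT".encode("utf-16-le") + b"\x00\x00"
    + b'Attribute VB_Name = "ThisDocument"\r\nSub AutoOpen()\r\n'
)
LURE_BODY = "I have attached the menu for the Christmas Party next week."

MALICIOUS_EML = build_eml("Christmas Party", LURE_BODY, "Christmas Party.doc",
                          FAKE_MACRO_DOC, "application", "msword")
BENIGN_EML = build_eml("Christmas Party", LURE_BODY, "Christmas Menu.pdf",
                       b"%PDF-1.4\n%constructed placeholder\n", "application", "pdf")

if __name__ == "__main__":
    for name, raw in (("malicious", MALICIOUS_EML), ("benign", BENIGN_EML)):
        r = triage_eml(raw)
        print(name, r["verdict"], r["suspicious"],
              [a["sha256"][:16] for a in r["attachments"]])
```

The marker scan is a heuristic for mail-gateway triage, not a parser: it will miss macros whose stream names sit in a sector it does not see, and a holiday-themed PDF with no Office attachment is deliberately left at "none" so the lure keywords alone do not generate alerts. For anything flagged, extract the attachment, run a real OLE/VBA parser such as oletools' olevba over it, and look the SHA-256 up in PolySwarm to see which engines already detect it.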
Related dropper samples from this Christmas email phishing campaign, currently active:
PolySwarm is a threat intelligence platform that focuses on new and emerging malware. It uses an open-source, crowdsourced model in which specialized individual experts and niche antivirus companies compete to detect zero-day threats in real time to protect enterprises. Accuracy and early detection are rewarded, and the coverage of the participating anti-malware engines is combined into a single access point. Try it out at polyswarm.network.