Emotet Trojan Brings a Malware Scare with Halloween Emails

by chebbi abir

The Emotet Trojan is celebrating Halloween by pushing out new spam templates that want to invite you to a neighborhood party. While these emails promise you a treat, in reality Emotet is tricking you into installing an infection.

For those not familiar with Emotet, it is a malware infection that is spread through spam emails containing malicious documents. These documents install the Emotet Trojan on the victim’s computer, which then installs other malware and uses the victim’s computer to send out more spam.

To take advantage of the holiday, the Emotet gang has changed their email template to use new themes that pretend to invite you to a Halloween party.

We first heard about this new template from Joseph Roosen of the Emotet tracking group Cryptolaemus and email security firm Cofense Labs, who was kind enough to send BleepingComputer some images of the new theme as shown below.


While the time and wording vary slightly between emails, the general idea is that you are being invited to a Halloween party using the following text:

Dear Neighbors and Friends,

It is Halloween and time for TREAT OR TRICK.

Please join us for a casual dinner party on Halloween night, Oct.31, 2019 starting at 6:00pm. Come and say hello to your neighbors and enjoy some food and drinks.

We are looking forward to a fun day and kindly respond with an email to make sure we have enough TREAT for you.

Details in the attachment.

Cofense told BleepingComputer that the top email subjects being used in this campaign are:

Party invitation
Halloween party invitation
Happy Halloween
Party tonight
Halloween party
Halloween Party
Halloween invitation

Each of these emails contains a Word document that pretends to be the Halloween party invite. According to Cofense, the most commonly used attachment names are:

Halloween party invitation.doc
Halloween party.doc
Happy Halloween.doc
Halloween invitation.doc
Halloween Party.doc
Party tonight.doc
Party invitation.doc
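
The subjects and attachment names listed above can be checked at a mail gateway or against a mailbox export. The following is an added example, not code from the original article or from Cofense; the function names, the quarantine/review policy, and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the Cofense lists above; compared case-insensitively.
SUBJECTS = {"party invitation", "halloween party invitation", "happy halloween",
            "party tonight", "halloween party", "halloween invitation"}
ATTACHMENTS = {"halloween party invitation.doc", "halloween party.doc",
               "happy halloween.doc", "halloween invitation.doc",
               "party tonight.doc", "party invitation.doc"}

def _norm(text: str) -> str:
    """Collapse whitespace and fold case so 'Halloween  PARTY' still matches."""
    return " ".join(text.split()).casefold()

def _norm_subject(text: str) -> str:
    # Assumption: ignore reply/forward prefixes a mail client may prepend.
    return re.sub(r"^((re|fwd?)\s*:\s*)+", "", _norm(text))

def check_message(raw: bytes) -> dict:
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject_hit = _norm_subject(str(msg["Subject"] or "")) in SUBJECTS
    # walk() reaches nested parts, so attachments inside multipart containers are seen.
    names = [re.split(r"[\\/]", p.get_filename())[-1]
             for p in msg.walk() if p.get_filename()]
    name_hits = [n for n in names if _norm(n) in ATTACHMENTS]
    has_doc = any(_norm(n).endswith(".doc") for n in names)
    # Assumed policy: a listed attachment name is enough to quarantine; a listed
    # subject carrying any other .doc goes to manual review.
    if name_hits:
        verdict = "quarantine"
    elif subject_hit and has_doc:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit, "name_hits": name_hits}

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment body is harmless filler."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Details in the attachment.")
    msg.add_attachment(b"constructed filler, not a real document",
                       maintype="application", subtype="msword", filename=filename)
    return msg.as_bytes()
```

Exact-name matching only covers the names reported for this campaign, so treat a "pass" as the absence of these specific indicators rather than a clean bill of health.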

If a user opens the attachment, they will be greeted with the standard “Enable Content” button that, when clicked, will install the Emotet Trojan on the computer. So don’t click it 🙂

Malicious document

I have to be honest, after opening the attachment it was a little disappointing to find that the document template didn’t change into an orange and festive party invite, but I guess you can’t have it all.

So if you receive an email with a last minute invite to a Halloween party, do not open the attachment as, unlike Halloween candy, doing so will not be a pleasant experience.

Btw, is anyone else curious as to who “The Michael” is?

