Beware of Thanksgiving eCard Emails Distributing Malware (Nov 28, 2019)
Thanksgiving is being celebrated across the US and threat actors have been circulating themed spearphishing emails that will deploy the Emotet Trojan as well as other malware. Emails are being sent masqueraded as Thanksgiving greeting e-cards with attached word documents. Once the user clicks on the attachment to view the “greeting” it tells the users that to view the “greeting” accordingly they must click on “Enable Content” or “Enable Editing”. What this does if clicked, will execute macros that will install the modular malware Emotet. It will be used to download other malware which can allow the threat actor to steal cached passwords, give remote access to the users machine or deploy ransomware.
Recommendation: It is important for organisations and the public to be constantly aware of new techniques being used since threat actors are adapting their campaigns to the ever-changing security environment. Education is the best defence, teach your employees what a phishing and spearphishing email may look like, and whom to report it to should such an email be identified.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.