Emotet operators are running Halloween-themed campaigns

Security Affairs

The operators behind the Emotet malware are trying to take advantage of Halloween; a new campaign may invite you to a Halloween party.

Threat actors are trying to take advantage of Halloween: a malicious Emotet campaign recently spotted by BleepingComputer used spam emails to invite recipients to a Halloween party.

The Emotet trojan has been active since at least 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August the malware was used in a new COVID-19 spam campaign.

Recent spam campaigns have used messages carrying malicious Word documents, or links to them, disguised as invoices, shipping information, COVID-19 information, resumes, financial documents or scanned documents.

This infamous banking trojan is also used to deliver other malicious code, such as TrickBot and QBot, or ransomware such as Conti (TrickBot) or ProLock (QBot).

Emotet is modular malware; its operators can develop new dynamic-link libraries to update its capabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) recently warned of an increase in the number of Emotet attacks, which have been directed against various state and local governments in the United States since August.

During this period, the agency’s EINSTEIN intrusion detection system detected around 16,000 alerts related to Emotet activity.

In a recent case on the 14th, in the campaign observed on 10 October, the attackers used different types of lures, including invoices, orders, delivery information, COVID-19 information and information about President Trump’s health.

The spam messages carry malicious attachments in Word (.doc) format or contain links to download the lure document.

Today, experts warn of Emotet campaigns that play on Halloween: spam messages that try to trick victims into opening a weaponized attachment by inviting them to a Halloween party.

The Emotet gang has created an email that pretends to invite you to a Halloween party to get you to open a malicious attachment.

According to experts, the threat actors use various subject lines such as "Happy Halloween", "Halloween Party", "Invitation to Party", "Halloween Party Today", and so on.

The malicious files used in this campaign have different names, such as Halloween Extravaganza.doc, Halloween Pot Luck 10.31.doc, Halloween Party invite.doc and Halloween Party.doc.

It seems to have started around 10:00 UTC on E3. Docs are still the standard "enable editing" garbage. Unique subjects:
Happy Halloween
Halloween Party
Halloween Invitation
Halloween Invitation
Halloween Invitation

– Joseph Roosen (@JRoosen) October 31, 2019

Source: BleepingComputer

Microsoft security researchers are also warning of the ongoing Halloween Emotet campaign.

Emotet, known for its use of holidays and other seasonal themes as bait, was spotted at the launch of a Halloween campaign. The emails have a Halloween or party theme and attachments with file names such as details, party tonight, address and invitation list. pic.twitter.com/eRRIjmmvMN

– Microsoft Security Intelligence Service (@MsftSecIntel) October 30, 2020

Here is an example of the text found in the spam emails:

Honey, wallet or life?
Details in the attachment.

On opening the attachment, the recipient is asked to click the "Enable Editing" and "Enable Content" buttons, which leads to the Emotet trojan being installed on the computer.

The template used for the Halloween campaign tells recipients to upgrade their version of Microsoft Word and to enable content.

It is advisable not to open attachments that accompany an invitation to a Halloween party.

Pierluigi Paganini

(SecurityAffairs – hacking, Emotet)



