An Emotet banking trojan phishing campaign was spotted using the name of activist Greta Thunberg as a lure to target individuals concerned with climate change.
The attackers behind the campaign recently sent out fake invitations to a nonexistent “climate crisis” demonstration supposedly led by the young Swedish activist, who was named Time’s 2019 Person of the Year.
The emails came with a Word document attachment titled “Support Greta Thunberg.doc.” If a user were to open this document and enable its malicious macros, then a PowerShell command would download and execute Emotet, according to recent reports [1, 2] from Proofpoint and BleepingComputer, citing a tweet from ExecuteMalware. Once active, Emotet would run in the background while using victimized machines to distribute spam and download additional malware.
“You can spend Christmas Eve looking for gifts for children. They will tell you Thank You only that day. But the children will thank you all their lives if you come out for the biggest demonstration in protest against the inaction of the government in connection with the climate crisis,” the phishing email read, encouraging the recipient to pass the letter on to their colleagues, friends and relatives.
The campaign reportedly targeted .com and .edu email addresses, as well as addresses featuring the top-level domains of Japan, Germany, Italy, the United Arab Emirates, Australia, the U.K., Switzerland, the European Union, the U.S., Austria, Canada and Singapore. Subject lines were observed in Spanish, Italian, French and Polish.
“It’s… interesting to note that we’ve seen significant targeting of .edu domains. In fact, we saw more .edu domains attacked than domains associated with any specific country. This makes sense given the strong support Thunberg has among students and young people,” reported Sherrod DeGrippo, Proofpoint blog author and senior director of threat research and detection.
“This campaign serves as a reminder that attackers won’t hesitate to target people’s best intentions during this holiday season,” DeGrippo added. “It also serves as a mark of how significant environmental awareness has become and how well-known Greta Thunberg is globally. Attackers choose their lures carefully: in many ways their lures are a reliable barometer of public interest and awareness.”
The post Rising sea and spam levels? Emotet campaign uses Greta Thunberg as lure appeared first on SC Media.