Emotet

With recent spam campaigns claiming to be from the Team Blue project of the Democratic National Convention, Emotet is now taking part in the U.S. 2020 Presidential election.

When the Emotet gang sends out spam, its main purpose is to induce recipients to open the attached malicious document. This is typically achieved with email themes that pose as records, invoices, payment receipts, and voicemails for shipping.

Emotet is known to send more elaborately themed emails during the holidays or significant political events to persuade users to open attachments. These emails have included invitations to holiday parties or even a show by Greta Thunberg.

Once the attachments are opened and macros are enabled, the Emotet malware is installed on the device. Your email will then be compromised and your computer used to send out more spam.

Once it gains access to a system, Emotet can install other malware, such as TrickBot or QakBot, that could lead to a ransomware attack on your network.

Emotet exploiting the 2020 election

Just days after the first Presidential debate, a new spam campaign claiming to be from the DNC is being sent out by the threat actors behind Emotet.

This latest campaign pretends to be from the ‘Team Blue Take Action’ program of the Democratic Party and asks volunteers to help Democrats get elected in the 2020 elections.

Team Blue Take Action Emotet spam

Source: ProofPoint

According to ProofPoint, who spotted this new Emotet campaign, the spam emails use subjects such as ‘Crew Blue Take Action’, ‘Valanters 2020’, ‘List of works’ and ‘Volunteer’.

To fit the volunteer theme, the malicious documents are also given filenames such as ‘Crew Blue Take Action.doc’, ‘List of works.doc’, ‘Valanters 2020.doc’, and ‘Volunteer.doc’.
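As an added example (not from the original article or from ProofPoint), the following Python code shows how a mail gateway or mailbox sweep could flag messages matching the subjects and filenames listed above. The function names, addresses and sample messages are constructed for illustration, and treating `.doc`/`.docm` as the macro-capable extensions is an assumption of the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Lure strings as listed in the article (subjects and attachment base names).
LURES = {"crew blue take action", "valanters 2020", "list of works", "volunteer"}
# Assumption of this example: Word extensions treated as macro-capable.
MACRO_EXTS = (".doc", ".docm")

def norm(text):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(str(text or "").lower().split())

def triage(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the campaign, or []."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = norm(msg["Subject"])
    if subject in LURES:
        reasons.append("subject:" + subject)
    for part in msg.iter_attachments():
        name = norm(part.get_filename())
        if name.endswith(MACRO_EXTS):
            stem = name.rsplit(".", 1)[0]
            tag = "lure-attachment:" if stem in LURES else "macro-capable-attachment:"
            reasons.append(tag + name)
    return reasons

def sample(subject, filename=None):
    """Build a constructed test message; it contains no real campaign data."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="msword", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Valanters 2020 ", "Valanters 2020.doc"),
                        ("Quarterly report", "report.docm"),
                        ("Lunch", "menu.pdf")]:
        print(subj.strip(), "->", triage(sample(subj, fname)))
```

A subject match on its own (for example a plain "Volunteer") is weak evidence; the combination of a lure subject and a lure-named Word attachment is the stronger signal for quarantine.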

When opened, the attached documents claim to have been created on an iOS device and prompt you to ‘Allow Content’ to display them properly.

Malicious Word Document Attachment

Source: BleepingComputer

However, once you allow content, malicious macros run that download and install the Emotet trojan on your device.

Emotet installed

Source: BleepingComputer

If successful, the Trojan will quietly run in the background while using your computer to send out more spam and download other malware to your computer.

As a general rule, never open attachments from anyone without confirming over the phone that they actually sent you the file. You should also always be cautious about enabling content or macros in any attachment you receive.