Don’t open that Christmas party email - it could be swarming with malware

Emotet botnet malware hidden within fake Christmas party invites


Hackers are looking to kill off the Christmas spirit by hiding malware within fake office party emails.

Research from security firm Cofense has uncovered evidence that cybercriminals behind the dangerous Emotet botnet are using holiday-themed phishing emails to trick victims.

The tactic first appeared around Halloween at the end of October, and the company is now warning that it is being used to lure in workers excited for the holidays with fake emails concerning office Christmas parties.

Tricked

Cofense discovered emails with titles such as “Christmas party next week” that appeared innocent, but came with a macro-enabled Microsoft Word attachment disguised as menu options for a festive meal. The messages were often built around templates that came from scraped inboxes to leverage real email conversations, making them appear legitimate, even featuring translations for different markets.

The attachment asks the user to “enable editing” to view it, and clicking on the attachment will execute the embedded macros and install the Emotet malware, which could provide various groups with the means to attempt ransomware downloads and send more spam and phishing emails.

Cofense says the low-key design is often a major giveaway of fake emails, especially the use of the outdated .doc Microsoft Word format, along with a bare-bones look that should have helped it stand out.

However, such emails still pose a very valid threat to businesses of all sizes, and should be used to help train and improve phishing detection programs across all industries.
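A mail filter can act on the giveaway described above by checking what an attachment actually is rather than what it is called. The following Python sketch is an added example, not code from Cofense or from this article; the function names, addresses and sample payloads are constructed for illustration, and only the subject line comes from the report.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files

def attachment_findings(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that can carry Office macros."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if data.startswith(OLE2_MAGIC):
            # Decided on content, so renaming the file does not hide it.
            findings.append((name, "legacy OLE2 Office format"))
        elif data.startswith(b"PK") and b"vbaProject.bin" in data:
            # ZIP member names are stored uncompressed in the archive.
            findings.append((name, "OOXML file with VBA project"))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; the subject is the one quoted in the article."""
    msg = EmailMessage()
    msg["Subject"] = "Christmas party next week"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Menu options attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def macro_docx() -> bytes:
    """Constructed stand-in: a ZIP with a vbaProject.bin member, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for fname, body in [("menu.doc", OLE2_MAGIC + b"\x00" * 16),
                        ("menu.pdf", OLE2_MAGIC + b"\x00" * 16),  # renamed legacy file
                        ("menu.docm", macro_docx()),
                        ("menu.pdf", b"%PDF-1.4 constructed")]:
        print(fname, attachment_findings(build_sample(fname, body)))
```

A finding means the attachment is capable of carrying macros, not that it is malicious, so the result is best used to quarantine or route messages for review.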


“If your phishing defense program is aligned with active threats hitting organizations, then this is exactly the template you should be using to train your users to identify a real phish,” Tonia Dudley from Cofense Security Solutions wrote in a blog post outlining the news.

Recent figures from Malwarebytes saw detections of Emotet soar 37 percent as cybercriminals look to target a wide range of businesses.

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
