Malicious Thanksgiving eCards Deliver Emotet, Other Malware

Instead of greetings and holiday cheer, malicious Thanksgiving Day eCards have been found spreading the evolving modular malware Emotet as well as other malware families.

Bleeping Computer reported observing spam email campaigns involving malicious Word documents disguised as Thanksgiving Day greeting cards. The malicious document instructs the victim to “Enable Content” or “Enable Editing,” which is a ruse to get the malicious macro to run and download malware onto the victim’s computer. The downloaded malware steals passwords, provides a backdoor to cybercriminals, or, in the case of Emotet, even installs ransomware.

It should be noted that Emotet, which is normally distributed via spam email, resurfaced a few months ago and was found to have been sent via malicious emails under the guise of former CIA contractor and NSA whistleblower Edward Snowden’s memoir, “Permanent Record.”

According to the same Bleeping Computer report, another spam campaign, which also contains a malicious Word file, was discovered by Cryptolaemus. Instead of pretending to be a Thanksgiving greeting, the campaign distributes fake work-related or finance-related information. However, it banks on the holidays to prompt victims into opening the malicious attachment immediately, as the email template lists the holidays on which the office is closed, such as Thanksgiving, Christmas, and New Year’s.

Interestingly, the malicious emails in this campaign have been written to come off as a response to a previous email.

Defending against social engineering and spam

Social engineering can take many forms — many of which need only a working knowledge of how people think and act. These kinds of scams can prove extremely lucrative for threat actors — hence their popularity. The following best practices can help organizations protect themselves from social engineering attacks:

  • Email is a common platform for social engineering attacks. Therefore, users should refrain from interacting with elements that can be exploited by threat actors, such as malicious attachments and phishing URLs.
  • Look for suspicious elements when it comes to emails and other forms of communication. For example, an invoice arriving without any context could be a sign of a social engineering attack.
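As an added illustration of screening for the macro-bearing Word attachments described above (this example is not from the original article or from any vendor product), the following Python sketch flags attachments that carry a VBA project. The function names and the sample message are constructed for the example, and the check for legacy .doc files is a byte-pattern heuristic rather than a full OLE parse.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc (OLE2) header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def has_vba_macros(data: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: the VBA stream name shows up in the OLE directory.
        return VBA_STREAM in data
    if data.startswith(b"PK"):
        # OOXML (.docx/.docm) is a ZIP; macros live in a vbaProject.bin part.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def macro_attachments(raw_message: bytes) -> list:
    """List attachment filenames in a raw email that contain macros."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_vba_macros(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def _zip_doc(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message: one macro-enabled, one clean, one legacy document."""
    m = EmailMessage()
    m["Subject"] = "Happy Thanksgiving eCard"
    m.set_content("Constructed sample body.")
    docs = {"ecard.docm": _zip_doc(["word/document.xml", "word/vbaProject.bin"]),
            "notes.docx": _zip_doc(["word/document.xml"]),
            "card.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM}
    for name, data in docs.items():
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample()))
```

A flagged attachment is a reason to quarantine the message for review, not proof of malice, since legitimate documents can also contain macros.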


To protect users against spam, enterprises can take advantage of Trend Micro™ endpoint solutions such as Trend Micro Smart Protection Suites and Worry-Free™ Business Security. Both solutions protect users and businesses from threats by detecting malicious files and spammed messages, and block all related malicious URLs.

To bolster their security capabilities and further protect their end users, organizations can consider security products such as the Trend Micro Cloud App Security solution, which uses machine learning (ML) to help detect and block phishing attempts. If a suspected phishing email is received by an employee, it will go through sender, content, and URL reputation analysis, which is followed by an inspection of the remaining URLs using computer vision and AI to check if website components are being spoofed. The solution can also detect suspicious content in the message body and attachments, and provide sandbox malware analysis and document exploit detection.

