Emotet hackers have taken advantage of controversial events (as in the case of Greta Thunberg or the COVID-19) to scam online, but this was the first time they leverage political themes.

They started targeting hundreds of U.S. organizations starting October with a trojan-powered spear-phishing campaign (deadliest tool). It was intended to disguise as a potential volunteer-recruiting email from the Democratic National Committee.

How Emotet Hackers Used the Democratic Party For Their Scam

Who received such emails noticed Word Document attachments named “Team Blue Take Action.” But the only thing left inside was a TA542 malware infection. 

As an A/B test, other subject lines included “Valanters 2020,” “List of Works” and more. The names of the files attached also were varying between “Detailed information.doc” and “Volunteer.doc.” 

All of it is results from disinformation starting to propagate due to November’s 2020 Presential elections in the U.S., which is hard to understand from a non-American standpoint, but easy to click as fast as possible, as an insider voter. 

Here’s a sample of the spear-phishing email:

 Emotet Democrat Party Phishing Email

(Credit Source: Proofpoint)

Taking a look at the timeline of the events, the email scam sent to thousands of U.S. citizens took place in the same week that President Donald Trump and Democratic challenger Joe Biden had their first debate….

Emotet followed their formula again for this new attack: widespread media coverage. 

The body of the email emits a clear message. It describes Team Blue, the DNCs’ 2018 volunteer recruitment program. This one was taken directly from a page of the Democratic National Committee’s website

It also states that Team Blue is being relaunched for 2020’s campaign. 

After that, you can notice a direct call-to-action to “please open the attached document.” But what happens if/when you do so?

Emotet malware (Trojan) will automatically download and install into your computer after clicking into this Word document.  This is due to its macros content shaped as a Qbot trojan or The Trick.

You can find online a lot of information related to Emotet and its full-service threat-delivery mechanism. It started as a banking trojan in 2014 and has continued to evolve into the public menace we know now.

Emotet works as a bulk malware installer, which then dedicates to steal information, harvest email, ransom, and self-propagate until someone manages to stop it. 

You could think that a threat that has been around for half a decade could now be isolated, but Emotet has only taken a 5-month “rest period” since its last spotting: a spam campaign focused on Microsoft Office users. 

Other two Emotet campaigns were detected close to that time.

The first one is dated the past in February 2020. This one was more of a smishing scheme (SMS scams) directed to the financial industry. 

It worked like this: if a victim clicked on the links inside the text message, he/she would be asked to insert their banking credentials.

After that happened, it would also ask you to download a file including the Emotet trojan. The other one (also in February) could spread throughout unprotected Wi-Fi networks, to reach nearby devices and affect the end-user. 

So far, cybersecurity agencies in Japan, France, Italy, and New Zealand have reported Emotet activity around the world, turning the alarms once again, throughout the world. 

Have you received any political-themed email very recently? Be careful.

Take full attention to these and others from different topics. 

Remember this is just one of a thousand others who take advantage of social engineering. 

You can learn more about Phishing here (click the previous link). 

And you can also get full protection and advisory from our Houston-based IT experts if you need it so… Believe me, you will need a helping hand sooner than ever.