Email phishing attack impersonates Democratic National Convention’s Team Blue initiative
Hundreds of organizations and thousands of volunteers in the United States were spammed with malicious emails attempting to spread a new round of Emotet malware. The malware attack impersonates the Democratic National Convention (DNC) Team Blue initiative. Each spam email contains a malicious Microsoft Word document. If the recipient opens the attachment and has macros enabled, malware infects their computer.
Emotet malware attacks are notorious for the high recovery costs associated with their damage. Some of these attacks have cost organizations up to $1 million USD to remediate.
“The shift to using politically themed lures comes days after the first of several 2020 U.S. presidential debates,” said researchers.
Emotet is one of the most costly and destructive malware strains currently attacking state, local, tribal, and territorial governments as well as businesses in the private and public sectors.
Yesterday, phishing emails using wording taken word-for-word from the DNC Team Blue webpage were sent to hundreds of organizations in the United States. The malicious emails contained an attached Word document. File names varied and included “Team Blue Take Action.doc”, “List of works.doc”, “Valanters 2020.doc”, “Detailed information.doc”, and “Volunteer.doc”, according to a report from security researchers at Proofpoint.
Phishing email subject lines varied and included “Team Blue Take Action”, “Valanters 2020”, “Detailed information”, “List of works”, “Volunteer”, and “Simply Information.”
The body of the email prompts the recipient to open the attachment. If the recipient has macros enabled on their computer, the malicious Word document will infect their machine with Emotet malware.
Emotet malware is a banking Trojan. It spreads primarily via malicious email attachments and was originally used to commit banking fraud. The attackers have expanded to spamming, stealing login credentials, and email harvesting as well as downloading other malware.
Emotet Malware Attacks
In January 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned of increasing targeted Emotet malware attacks on public and private sector businesses.
In June, the US Federal Bureau of Investigation (FBI) issued a public service announcement warning consumers to be vigilant when using mobile banking apps. Cyber criminals are increasingly using imposter banking apps containing Emotet malware to steal bank login credentials.
Recently Emotet malware was delivered in phishing emails using COVID-19 related messaging, virus related news, current events, and even activist Greta Thunberg messaging.
The attackers behind Emotet malware, TA542, do not typically go after political targets. The spam emails used to spread the malware contain malicious Microsoft Word email attachments or links to Word documents. Emotet was first used to infect devices with banking malware. It has also been used as a trojan to download the Qbot, The Trick, IcedID, and Gootkit malware families.
Cyber security researchers at Proofpoint reported that nearly a quarter million Emotet messages were sent on July 17, 2020,
How to Help Stop Malware from Infecting Your Computer
- Disable macros on your computer. If you don’t need this capability, then shut it off. Many malware families depend on it for auto-executing their malicious code.
- Never click on an email attachment that you were not expecting – even if you think you know the sender. Hackers can steal email logins and use them to spam thousands of people with malware.
- When in doubt, call the email sender and ask if they sent an attachment.
- Protect your computer and phone with an antimalware and antivirus app.
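
For mail administrators, the lures and the macro dependency described above can be checked before a message reaches an inbox. The following is an added example, not code from the article or from Proofpoint's report: it flags messages whose subject or attachment name matches the reported lures and applies a simple heuristic for Word attachments that carry a VBA project. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Lure subjects and attachment names as reported in the article (lower-cased).
LURE_SUBJECTS = {"team blue take action", "valanters 2020", "detailed information",
                 "list of works", "volunteer", "simply information"}
LURE_FILES = {"team blue take action.doc", "list of works.doc", "valanters 2020.doc",
              "detailed information.doc", "volunteer.doc"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # legacy .doc compound-file header
VBA_STORAGE = "_VBA_PROJECT".encode("utf-16-le")  # stream name present in a VBA project

def has_macros(data: bytes) -> bool:
    """Heuristic only: does this Office file appear to carry a VBA project?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STORAGE in data
    if data.startswith(b"PK"):                    # OOXML (.docm/.dotm) is a zip archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["subject"] or "").strip().lower() in LURE_SUBJECTS:
        reasons.append("subject matches reported lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower() in LURE_FILES:
            reasons.append(f"attachment name matches reported lure: {name}")
        if has_macros(part.get_payload(decode=True) or b""):
            reasons.append(f"attachment contains VBA macros: {name}")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert bytes, not a real document."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please see the attached document.")
    m.add_attachment(payload, maintype="application", subtype="msword", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_doc = OLE_MAGIC + b"\x00" * 64 + VBA_STORAGE  # constructed, inert
    print(triage(build_sample("Team Blue Take Action", "Volunteer.doc", fake_doc)))
```

Exact-match lists like these go stale as soon as the lure text changes, so the macro check is the more durable signal of the two.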