Researchers have observed spam email activity camouflaged as official notifications related to coronavirus.
A group of researchers reported a malspam campaign disguised as notifications providing more details on preventive measures against coronavirus infection, which is currently an epidemic in China.
Earlier, the Emotet gang rode on the back of similar trending events: it targeted people with custom holiday emails for Christmas and Halloween, and used fake invites to a Greta Thunberg demonstration to lure targets.
How does the coronavirus spam mail work?
Reports from the infosec community suggest that the malspam campaign used stolen emails from previously compromised accounts as templates in an attempt to infect the recipients. Some experts indicated that "Japanese in the subject and file names are strange" and that this makes the emails look more sophisticated in comparison with other Emotet distribution attempts.
The IBM X-Force Threat Intelligence team noted that, "The subject of the emails, as well as the document filenames, are similar, but not identical... they are composed of different representations of the current date and the Japanese word for 'notification', in order to suggest urgency."
For added authenticity, some of the email samples also carried in the footer the address of the institution that supposedly sent the coronavirus infection notification.
Objectives of Emotet attacks
Usually relying on spam emails, Emotet actors attempt to trick their prospective recipients into opening email attachments, which, when opened, result in the download and installation of the malware.