Fan of Greta Thunberg? Be alert! Attackers are after you

  • Attackers used Thunberg’s universal appeal as a bait in the new campaign.
  • The attack was focused on .edu domains used by educational institutions and their pupils.

Crooks have found yet another way to monetize their malicious operations. Researchers found attackers spread a new Emotet malware campaign that uses Swedish climate-change activist Greta Thunberg’s popularity as a bait. Last week, she won Time Magazine’s “Person of the Year” award.

What researches found?

Recently, security experts came across the socially engineered malware campaign that targets individuals across Europe and Asia.

  • Attackers used Thunberg’s universal appeal and interest in the new campaign.
  • The trojan is aimed at installing the Emotet banking trojan in as many computers as it could find.
  • The threat is carried in a Microsoft Word attachment entitled “Support Greta Thunberg.doc.”

Here’s what you can expect to see in your email?

The campaign was seen to be heavily focusing on .edu domains used by educational institutions and their pupils.

As suggested by experts, such emails may combine the following four elements:

  • The renowned Swedish environmental activist Greta Thunberg
  • The Christmas holidays
  • Environmental awareness and activism
  • Time Magazine’s recent naming of Thunberg as their “Person of the Year”

Also, the attackers geo-localized subject lines and samples. For example, the messages sent to the Italian recipients had the subject lines such as Sostieni Greta; Sostieni Greta – Time Person of the Year 2019; Sostieni Greta Thunberg; Sostieni Greta Thunberg – Time Person of the Year; Sostieni Greta Thunberg – Time Person of the Year 2019. When the recipient opens the message, the Emotet Trojan is installed.

It is advised for all internet users to remain cautious in opening any such unsolicited emails.