Threat actors often try to jump on the bandwagon of current events to trick their victims into falling for their lures. To this end, Emotet is again sending fake Halloween party invitations to potential victims this year. While the basic concept behind the fake Halloween party invitations is the same as last year, the variety in email texts has increased.
At around 2020-10-29 12:30 UTC, Hornetsecurity’s email filters registered the first Emotet malspam emails containing Halloween party invitation themed lures. The event lasted for around 3 hours and accounted for around 50 % of Emotet malspam, as can be seen from the following time histogram stacking Emotet malspam emails by subject:
Unlike the Emotet Halloween party invitations of 2019, which varied only in the subject lines and attachment names, this year’s emails use different email body text templates as well.
In 2019 only the following email text could be observed:
The Emotet malware itself has not changed. Hornetsecurity already reported on Emotet extensively.1,2,3,4
Conclusion and Countermeasure
It seems that Emotet’s fake Halloween party invitations are now a yearly thing that email users need to watch out for.
Emotet’s malicious attachments are caught by Hornetsecurity’s Spam and Malware Protection. Hence, Hornetsecurity customers’ Halloween is not ruined by falling for Emotet’s fake Halloween party invitations.
- 1 https://www.hornetsecurity.com/en/security-information/awaiting-the-inevitable-return-of-emotet/
- 2 https://www.hornetsecurity.com/en/security-information/emotet-is-back/
- 3 https://www.hornetsecurity.com/en/security-information/webshells-powering-emotet/
- 4 https://www.hornetsecurity.com/en/security-information/emotet-update-increases-downloads/
Indicators of Compromise (IOCs)
Email subject lines
Inviting friends to your Halloween Extravaganza
Halloween Pot Luck 10.31
Halloween party invitation