Emotet botnet malware hidden within fake Christmas party invites

Malware Found In Fake Christmas Party Invite

Beware: Your Christmas party emails could be infected with malware

Nobody likes a downer when it comes to the holiday spirit. Wherever we are, we all love to bask in the Christmassy atmosphere. However, much like The Grinch, hackers are looking to kill the mood, and they've resorted to what they know best: malware. This time, they've veiled it behind a cheerful Christmas party invite.

Cofense recently published research uncovering a dangerous email making the rounds of several inboxes. Though Christmas is here now, the first damage from such an email was already reported on Halloween, leading Cofense researchers to believe that the hackers use whichever holiday is current to deflect suspicion. The premise is simple: hard-working employees are eagerly awaiting the festivities to blow off steam, and the hackers know that even some diligent people won't think twice about opening a party invite. Hook, line and sinker.

The Technical Nitty-gritty

The malware behind these email baits is none other than the Emotet botnet, a well-known banking malware that first surfaced back in 2014 as a dangerous means of stealing sensitive information.

Although a Trojan, it has worm-like capabilities that allow it to spread rapidly. At one point it grew to such an extent that Homeland Security declared Emotet the most costly and destructive malware, affecting individuals and corporations alike and costing more than $1M per incident to mitigate.

Emotet is primarily spread through spam emails (malspam). The malicious code may be delivered via a malicious script, VBA macros, or the classic fraudulent link. Emotet emails are carefully designed to look authentic; typically they carry 'incentive words' that prod victims into following through. In this case, the incentive is a holiday party: the email contains a malicious MS Word file that purports to be a menu card for the food at the supposed party.

The emails look legitimate because they are built from templates and sent from authoritative-looking mailboxes that are no longer in use. They also appear sophisticated on account of supplementary features such as translation options.

When the victim opens the malicious Word document and opts for the Enable Editing option in MS Word, the embedded macro is allowed to run and downloads Emotet. The malware then starts its work in the background, leading to replication, further phishing and possibly ransomware demands.
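As an added, defender-side example (not from the Cofense research or the original article): a small Python script that walks a mail message's attachments and flags Word files that can carry VBA macros, the delivery vector described above. The sample message and the in-memory "menu card" document are constructed here, use hypothetical addresses, and contain no real macro code.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc (OLE compound file)

def build_docm(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML 'menu card'. Real macro-enabled Word
    files carry the VBA project in word/vbaProject.bin; the blob here is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
    return buf.getvalue()

def attachment_risk(data: bytes) -> str:
    """'macro' if the OOXML file can run VBA, 'ole' for legacy .doc (needs deeper
    OLE inspection), 'clean' for macro-free OOXML, else 'unknown'."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data[:2] == b"PK":  # zip container: .docx/.docm/.dotm regardless of extension
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "unknown"
        return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "clean"
    return "unknown"

def scan_message(raw: bytes) -> list:
    """Return (filename, verdict) for each attachment of an RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename() or "", attachment_risk(part.get_payload(decode=True)))
            for part in msg.iter_attachments()]

def build_sample_eml(with_macro: bool) -> bytes:
    """Constructed lure mirroring the article (hypothetical .invalid addresses)."""
    m = EmailMessage()
    m["From"], m["To"] = "hr@example.invalid", "staff@example.invalid"
    m["Subject"] = "Christmas party - menu card"
    m.set_content("Please review the attached menu card.")
    m.add_attachment(build_docm(with_macro), maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12",
                     filename="Menu_Card.docm")
    return bytes(m)
```

Running `scan_message(build_sample_eml(True))` yields `[("Menu_Card.docm", "macro")]`, the kind of verdict a mail gateway would use to quarantine the message for review rather than deliver it.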

What can be done?

Training employees in security best practices is one of the most effective ways to prevent a malware attack.

“If your phishing defence program is aligned with active threats hitting organisations, then this is exactly the template you should be using to train your users to identify a real phish.”

– Tonia Dudley from Cofense Security Solutions wrote in a blog post outlining the news.


Moreover, it is hugely beneficial to have enlisted the services of a third-party security provider who can stop the attack at the entry point (in this case, your mailbox). If you are currently looking for providers, you may not have to look far. Logix, with its cloud email security Advanced Threat Protection (ATP), enables organisations to combat advanced threats like Advanced Malware, Spear-phishing, Domain Impersonation/Domain Spoofing, Zero-day, Whaling, Targeted Email threats, Ransomware, Cryptoware and Business Email Crime (BEC) attacks with its multiple threat-intelligence detection and prevention tools, to ensure maximum security for you.

