After several months of inactivity, the Emotet malware has resumed its activities as it has been seen targeting voters ahead of the US 2020 election. Security researchers at Proofpoint discovered the malware’s activities and said the threat actors are concentrating on some undecided US voters.
TA542 is the threat actor behind the Emotet malware, and they use a wide range of themes to deceive unsuspecting victims. Their recent activities include Greta Thumberg denominations and invites to Christmas parties.
Earlier this week, the Proofpoint researchers discovered thousands of Emotet email messages carrying the same subject line “Team Blue Take Action” The email was delivered to several organizations and institutions in the United States.
According to the researcher, the email’s message body was copied from a website page of the Democratic National Committee, but the threat actor added a line that requested the target to open the email.
Based on the details provided by Proofpoint about the attack, the malicious word document is sent as an attachment by the threat actors. That means, if the recipient opens the malware-infested document, their system is automatically compromised. The document has macros, capable of downloading and installing the Emotet malware on the target’s computer when enabled.
But the email sends by the threat actors during the election campaign is different from other emails formerly used by them. While the other file names include names like Volunteer and Information, List of Works, Detailed Information, and Valanters, the malware-infested files have different names.
Some of the file names are only extensions of the previous file names to differentiate them.
Sherrod DeGrippe, who is Checkpoint’s senior director of threat research and detection, shared an email to provide further details about the activities of threat actors. The director said Proofpoint has been able to prevent the infiltration of thousands of computer systems by the Emotet malware.
“Today Proofpoint prevented thousands of malicious emails from hitting unsuspecting voters nationwide,” he said.
Furthermore, the director pointed out that the threat actors are seriously trying to impersonate those with a good source of information during the election. He reiterated that the threat actors are specialized in such type of campaigns, but is not sure whether they are liked to any government agencies .
He further advised that people should be very much aware that threat actors are constantly trying to plant malicious apps to impersonate important persons as the elections draw near.
This is not the only threat users have been warned about. Some hackers are also interested in the election and are trying to get important information to swing the election in favor of their sponsors.
The hackers are using a classic social engineering method, where users are told of an issue with their accounts and are provided with a link they can click to fix the problem.
Once the email recipient clicks on the link, which is threaded with a malware, their systems are immediately infected with the malware.
The emails are crafted in a way that seems from the main source, but they are wired with malware. The most intriguing thing is the fact that the hackers pulled off images from the original government site to confuse users and make them believe they are dealing with a legitimate portal.
The security researchers at Proofpoint say Emotet is one of the most destructive threats in the cyber world, with their fast utilization of DNC-themed emails after the week’s presidential debate. It shows exactly how fast they can design their email to focus on prominent events.
The researchers have advised that users should be very cautious especially when they receive an email requesting them to take urgent action. They should not click on email links or open email attachments from unsolicited senders.
The users should also scrutinize any emails they receive about the election to verify their authenticity and lessen risks.