One more wave of spam mail transporting Emotet malware at Christmas holidays. Previous Emotet campaigns were arrived via banking-related emails, this spear-fishing wave pretends to be greeting you that offered  to select something you will bring and for you to wear your ugliest Christmas sweater to the party. The messages contain different Christmas greetings with a malicious MS Word document file attached.

Main goal of Emotet crew is to get the recipient to open the attached .doc file so they are infected with the Emotet Trojan and other malware.

In the attached document with names like ‘Christmas party.doc’,  and ‘Party menu.doc’, the recipient is prompted to turn on macros by clicking Enable content. If the user enables it, the malicious code downloads and runs an Emotet variant in the recipient’s system.  Once Emotet is launched, your computer will be used to send further spam, download data stealers, and possibly more unexpected actions.

Obfuscated macro script inside of malicious MS Word document: