WARNING: 'Greta Thunberg' emails are being used to spread malicious Emotet malware

Attackers are using 'Great Thunberg' emails to spread malicious Emotet malware delivered via an attached word document

There's no doubt that Swedish climate-change activist and Time Person of the Year Greta Thunberg has inspired thousands of people around the world. Now, attackers are using her name to spread malicious malware via email.

'Support Greta Thunberg' emails

If you've received a "support Greta Thunberg" email in your inbox, you might want to choose your subsequent steps very carefully. The threat research team at Proofpoint is warning users against a global malicious email campaign designed to spread Emotet malware using the teenage environmentalist as a lure.

Greta Thunberg email
A screenshot of the fraudulent Greta Thunberg emails being sent to victims. Proofpoint

The malicious malware comes included in an attached Microsoft Word document and the subject of the email reads, "Support Greta Thunberg – Time Person of the Year 2019." It goes without saying that if you receive such an email, do not open the attachment.

The fraudulent emails urge recipients to demonstrate against the government's failure to act on climate change and open the malicious attached .doc file to find details of the protest. It also encourages recipients to forward the email to as many people as possible including friends, family and co-workers.

Who is Greta Thunberg?

The report adds that attackers are taking advantage of Thunberg's name given the publicity she's received over her climate change movement and her recent winning of the Time's "Person of the Year" title. "Attackers choose their lures carefully in many ways, their lures are a reliable barometer of public interest and awareness," the report said.

Greta Thunberg
Greta Thunberg is Time's Person of the Year 2019 Time/Twitter

The malware attack appears to target students as a majority of the recipients are .edu domains. "We saw more .edu domains attacked than domains associated with any specific country," Proofpoint said in its report. "This makes sense given the strong support Thunberg has among students and young people."

What is Emotet malware?

The objective of the campaign is to sneak in Emotet malware through the fake Great Thunberg emails. Emotet is essentially a type of Trojan malware deployed with the intention of stealing financial credentials and even plant additional malware.

As per the U.S. government, "Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial governments, and the private and public sectors."

The malware, which started off as a banking trojan in 2014, has now evolved into a major threat to users across the globe. After a period of hibernation in the summer, the malware's activity has surged in the third quarter this year and accounted for nearly 12% of all malicious emails in the period.