Greta Thunberg malware is not the present you want this Christmas

(Image credit: / Liv Oeian)

A global malicious email campaign has been discovered using Swedish teenage environmentalist Greta Thunberg as a hook to lure in unsuspecting victims.

Security researchers at Proofpoint have uncovered a widespread campaign using Miss Thunberg's name to trick users into downloading the notorious Emotet malware botnet.

Proofpoint noted that the criminals mainly appear to be targeting environmentally-conscious students, especially those with .edu email addresses.


The emails, which in English sport some form of subject line concerning "Support Greta Thunberg", invite the recipient to a large-scale protest against governments said to be acting poorly against the threat of climate change.

The details of this fake protest, including time and address to meet, are said to be included in a file attached to the email, but opening this attachment instead downloads the Emotet malware onto the victim's device.

(Image credit: Proofpoint)

Users should be able to spot the malicious file as it comes in the outdated .doc format for Microsoft Word. The email itself (example pictured above) also contains multiple spelling and grammatical errors, something one would not expect from the recently-crowned Time Person of the Year 2019.

The campaign appears to be global in scale, with victims in Japan, Germany, Italy, UAE and Australia the most targeted - with the UK in sixth place. Victims are also told to forward the malicious email to all their contacts, meaning the campaign has rapidly spread across the world.

Emotet is one of the largest malware botnets in operation today with Proofpoint noting that its recent research reports found it accounted for nearly 12 percent of all malicious email worldwide during that quarter.

"This campaign serves as a reminder that attackers won’t hesitate to target people’s best intentions during this holiday season," Proofpoint's Sherrod Degrippo wrote in a blog post outlining the threat.

"It also serves as a mark of how significant environmental awareness has become and how well-known Greta Thunberg is globally. Attackers choose their lures carefully: in many ways their lures are a reliable barometer of public interest and awareness."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.