US election 2020 malware scam targets undecided voters

(Image credit: Pexels)

Now that Emotet has returned following months of inactivity, security researchers at Proofpoint have observed a new spam campaign in which the malware was used to target voters ahead of the 2020 US election.

The threat actor behind Emotet, TA542, uses a variety of lure themes to target unsuspecting victims and in the past these have included invites to Christmas parties as well as to Greta Thunberg demonstrations.

At the beginning of October, Proofpoint observed thousands of Emotet email messages with the subject line “Team Blue Take Action” sent out to hundreds of organizations across the US. The message body of the email was lifted directly from a page on the Democratic National Committee's website, though a line was added requesting that the recipient open the attached document.

Targeting undecided voters

According to a new blog post from Proofpoint, attached to the email messages sent out in this latest Emotet spam campaign is a malicious Word document titled “Team Blue Take Action”. The document itself contains macros, which if enabled, will download and install the Emotet malware on a victim's computer.

However, the emails sent out in the campaign differ slightly as others have subject lines such as Valanters 2020, Detailed information, List of Works, Volunteer and Information. At the same time, the malicious document also has a different file name and some samples of additional related filenames observed by Proofpoint include List of works, Valanters 2020, Detailed information and volunteer.

In an email to TechRadar Pro, senior director of threat research and detection at Proofpoint Sherrod DeGrippo provided further insight on the new election-focused campaign, saying:

“Today Proofpoint prevented thousands of malicious emails from hitting unsuspecting voters nationwide—and it’s essential that everyone is aware that threat actors are actively working to impersonate trusted sources this election season.

“Emotet is one of the world’s most disruptive threats and their quick use of DNC-themed emails following this week’s presidential debate demonstrates just how swiftly threat actors can tailor their email lures to focus on prominent events. To avoid impersonation attempts this election cycle, approach all unsolicited emails with extreme caution especially if they ask you to take urgent action. Do not open email attachments or click on emailed links and be sure to deeply examine any and all digital communication surrounding the election to verify authenticity and reduce risk.”

To avoid falling victim to this and other scams online, users should exercise extreme caution when opening emails from unknown senders, especially during this heated election season.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.