There’s a Fake Christmas Eve termination troublemaker out there, better read this one

Hello folks,

My goal wasn’t necessarily to blog until after the Christmas holiday, but I saw that a post of mine got some traction on LinkedIn, where this Cyberscoop article was posted. The article is titled “Fake Christmas Eve termination notices used as phishing lures,” and it is something that needs immediate posting.

A phishing campaign using a well-known malware family is employing a pair of particularly devious methods to trick targets into opening an infected file: fake employee termination notices and phony omicron-variant exposure warnings.

The particular campaign is our good friend Dridex, which has been around since 2014.

The suspicious email told the target that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details.

As usual, the file asks you to click continue to run a macro, which will infect your machine. According to the article:

Dridex is a trojan dating back to 2014 that typically spreads through email phishing campaigns and is associated with credential theft. It’s been used to steal more than $100 million from financial institutions and banks spread across 40 countries, according to the U.S. Treasury Department.

It further reinforces my point that it has been around for many years.

Bleeping Computer reported this on the 22nd, and when the campaign isn’t sending the phony termination letters to potential victims, it is full of racial things that the researchers have found. That paragraph of the article says:

A reply to TheAnalyst’s tweet containing the phony termination notice noted that in some versions of the email, the “Merry X-Mas” pop-up substituted racial slurs instead of the word “Employees.”

There are two more paragraphs which I’m going to quote. One talks about the racial things that I mentioned above.

The racist messaging with this particular Dridex effort dates back a couple months, TheAnalyst told CyberScoop Thursday. A phishing email sent to targets around Black Friday, for instance, referenced killing “black protesters,” with a license. “If you find this message inappropriate or offensive, do not hesitate to click complaint button in the attached document and we will never contact you again,” the message read.

The hackers also infuse racist email addresses into the malware payloads, TheAnalyst said, as an effort to troll researchers. Targets of the campaigns don’t see this part of the campaign, but researchers who seek out, examine and expose phishing campaigns do.

Besides that, some people may get a message about someone in the company getting infected with the latest Covid-19 variant, and what they need to do to learn more is to open the attached file.

It is, of course, a password-protected file.
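For anyone filtering mail, here is one way to triage the lure described above: flag messages that pair termination or omicron wording with a password-protected Excel attachment. This is an added example, not code from this post or the Cyberscoop article; the keyword list, the sample message and the file name are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE2 compound file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name inside encrypted OOXML
EXCEL_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")
# Assumption: lure wording chosen from the two themes the post describes.
LURE_WORDS = ("termination", "terminated", "omicron", "exposure")

def is_encrypted_ooxml(data: bytes) -> bool:
    """A password-protected .xlsx/.xlsm is an OLE container, not a ZIP.
    Legacy encrypted .xls files use a different marker and are not covered."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data

def triage(raw: bytes) -> list:
    """Return findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg["Subject"] or "") + " " + (body.get_content() if body else "")
    hits = [w for w in LURE_WORDS if w in text.lower()]
    if hits:
        findings.append("lure-wording:" + ",".join(hits))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXCEL_EXT):
            data = part.get_payload(decode=True) or b""
            if is_encrypted_ooxml(data):
                findings.append("encrypted-excel:" + name)
    return findings

def build_sample() -> bytes:
    """Constructed sample message; the attachment is a stub, not a real workbook."""
    m = EmailMessage()
    m["Subject"] = "Employee Termination"
    m["From"] = "hr@example.com"
    m["To"] = "user@example.com"
    m.set_content("Your employment ends Dec. 24. Details are in the attached file.")
    stub = OLE_MAGIC + b"\x00" * 504 + ENC_STREAM + b"\x00" * 64
    m.add_attachment(stub, maintype="application",
                     subtype="vnd.ms-excel", filename="TermLetter.xlsx")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that produces both findings is worth quarantining for review, since the password keeps the workbook's contents hidden from attachment scanners.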

Please make sure you know where you are getting your files from. For example, the JRN will always tell you what files are being sent, and will indicate the format if possible. If you don’t see any information about what you’re getting and you see it’s from any of my team that may represent me, you can contact me by phone, or through a trusted address you have on file or through my contact form.

Please be safe! We don’t want you to get infected and have more problems than you already have. Thanks so much for listening, reading and participating!
