Case Study: Emotet Thread Hijacking, an Email Attack Technique


Malicious spam (malspam) pushing Emotet malware is the most common email-based threat, far surpassing other malware families, with only a few other threats coming close.

In recent weeks, we have seen significantly more Emotet malspam using a technique called “thread hijacking” that utilizes legitimate messages stolen from infected computers’ email clients. This malspam spoofs a legitimate user and impersonates a reply to the stolen email. Thread hijacked malspam is sent to addresses from the original message.

This technique is much more effective than less sophisticated methods, which many people have now learned to spot. The approach is more successful at convincing potential victims to click on an attached file, or to click on a link to download a malicious Word document with macros designed to infect a user with Emotet.

Read more…
Source: Palo Alto