Emotet Trojan Plays Tricks on Halloween

Emotet Trojan Plays Tricks on Halloween

Trick or Treat? The creators behind Emotet Trojan decided to play tricks on Halloween yesterday, instead of treating trick or treaters. The Emotet Trojan sent out emails to users, offering them a treat, but instead tricked users into installing a malware.

What is Emotet Trojan?

Emotet is a banking trojan, mainly spread through spam emails. This malware uses phishing techniques to trick users into clicking on the email. Usually, the trojan is delivered via a malicious script, macro-enabled document files, or a malicious link.

New Template

For the holiday celebrations yesterday, the makers of the malware changed up the delivery method of Emotet. This time using Halloween themed templates inviting users to a Halloween party. The new theme was first discovered by Joseph Roosen, a sysadmin who is part of the Emotet tracking group Cryptolaemus.

The malware behaves in the same way as before, except the template has been changed. When the user opens the attachment, they receive a security warning with the ‘Enable Content’ button. When the button is pressed, the Emotet Trojan is downloaded. The trojan then installs another malware, which uses the user’s computer to send out more spam.

The body of the email looks similar for each user, but time and text changes to some degree.


“Dear Neighbors and Friends,

It is Halloween and time for TREAT OR TRICK.

Please join us for a casual dinner party on Halloween night, Oct.31, 2019 starting at 6:00pm. Come and say hello to your neighbors and enjoy some food and drinks.

We are looking forward to a fun day and kindly respond with an email to make sure we have enough TREAT for you.

Details in the attachment”



Unique address names included:

  • Halloween invitation
  • Party invitation
  • Halloween party invitation
  • Happy Halloween
  • Halloween Party
  • Party tonight
  • Halloween party
  • Halloween

Funny enough although the text changed, the creators of Emotet did not use any Halloween images or colors. Joseph Roosen commented on twitter:


#Emotet AAR for 2019/10/31 – Today was an interesting day but I am with @LawrenceAbrams and I also disappointed the document template used on E3 for the Halloween malspam was not more festive, at least make the template colors bright orange or put a damn pumpkin on it.”



Contact LIFARS For

Phishing Attack Simulation Services