"Fake Christmas Eve Termination Notices Used as Phishing Lures"

A newly discovered phishing campaign is sending out fake employee termination notices and phony omicron-variant exposure warnings.  One of the suspicious emails found by security researchers told the target that their employment would cease as of Dec. 24 and that the decision was not reversible.  An attached password-protected Excel file promised additional details.  Once a recipient opened a file, a blurred form appeared with a button to "Enable Content," which enabled the file to run an automated script through its macros feature, a technique intended to help automation that simultaneously has been abused for years for malicious purposes.  After the button was clicked, a pop-up window appears saying, "Merry X-Mas Dear Employees!" The Dridex malware is downloaded to the victim's computer from a Discord server and begins stealing credentials.  Dridex is a trojan dating back to 2014 that typically spreads through email phishing campaigns and is associated with credential theft.  Dridex has been used to steal more than $100 million from financial institutions and banks spread across 40 countries, according to the U.S. Treasury Department.  Another Dridex-laced email in the same campaign contained the subject line "Positive OMICRON results." The email warns the victim that they'd been exposed to a coworker who tested positive for the omicron variant of COVID-19 sometime between Dec. 17 and 19.  The email then tells the victim to click on an attached document to view additional information.  

CyberScoop reports: "Fake Christmas Eve Termination Notices Used as Phishing Lures"