PAC spoof drops Emotet: phishing campaign leverages stolen PAC content to drop Emotet

A new phishing campaign has been discovered that leverages the recent hype surrounding President Trump's decision to halt U.S. funding for the World Health Organization (WHO). The campaign uses a typical Political Action Committee (PAC) email, eliciting support for presidential incumbent Donald Trump in the upcoming 2020 election. This phishing campaign aims to compromise politically-related entities rather than just the typical targets of opportunity that are commonly associated with this banking trojan. The attacker disguises their Emotet delivery mechanism as messaging about timely and highly publicized, hot-button issues in politics.