Hackers Are Spreading Malware-Infested Emails Claiming to Offer Free Copies of Edward Snowden's New Book

Hackers are exploiting the popularity of Edward Snowden's new memoir to help spread emails ridden with computer malware, cybersecurity experts warn.

A new wave of malicious spam this week is claiming to offer a copy of Snowden's bestseller, titled Permanent Record, in a booby-trapped attachment, according to an advisory published yesterday by analysts from the California-based antivirus company Malwarebytes.

The emails are circulating a software known as Emotet, which has previously been described by a division of U.S. Homeland Security as being "among the most costly and destructive" forms of malware.

The hackers have been spamming out the email messages in English, Italian, Spanish, German and French. Each claims to contain a copy of Snowden's book inside a Microsoft Word document.

The email text references a legal case that was filed on the same day as the book's publication, although it makes the mistake of asserting the Department of Justice (DoJ) is attempting to outlaw its sale. In reality, the DoJ is seeking to recover all proceeds from the memoir, alleging Snowden violated pre-existing non-disclosure agreements with the Central Intelligence Agency (CIA) and National Security Agency (NSA).

The Emotet-infested email reads: "First they spy on us, then they prosecute whistleblowers, now they ban books. Freedom? Time to organize collective readings of Snowden book everywhere. Go, buy the book now, read it, share it, discuss it. The book is in the attachment."

If the recipient opens the file, they will see a message which says "Word hasn't been activated." They will then be prompted to enable the content with a yellow security warning. If that button is clicked, malicious code will covertly execute, connecting the computer with Emotet servers.

From there, the hackers could exploit the connection with the servers to hijack banking details, email logins, browsing history information and saved passwords, experts say. According to U.S-CERT, the software is increasingly used to download additional forms of malware.

Cybersecurity company Symantec says Emotet has been active since 2014. Last year, analysis suggested that its operators—who are not known—were mainly hitting targets in the U.S. Until last week, Malwarebytes said its servers had been dark for approximately four months.

Using Snowden's new book as a lure is not surprising. "Criminals are known to capitalize on newsworthy events for scams and social engineering purposes," Malwarebytes says.

Last week, the former NSA contractor, who spearheaded an unprecedented leak of intelligence agency secrets back in 2013, said the government's legal action likely helped boost sales.

"It was, like, 25 on the charts, and then the government said, you know, we don't want you to read this book. They said, 'God, sue Snowden as fast as you can, do anything you can, stop it, stop it, stop it.' Now we're number one basically everywhere. So you could say the Attorney General is the best hype man I've ever had," the whistleblower, 36, said in an interview.

Permanent Record
Newly released "Permanent Record" by Edward Snowden is displayed on a shelf at Books Inc. on September 17, 2019 in San Francisco, California. Justin Sullivan/Getty