Edward Snowden book used as bait in malware campaign, cybersecurity firm warns

Former intelligence contractor Edward Snowden’s controversial new book is being used as bait to infect computers with malicious software, a cybersecurity firm warned.

Emotet, a dastardly type of malware designed to steal data, is being served up through spam emails purportedly containing pirated copies of Mr. Snowden’s recently released memoir, “Permanent Record,” warned Malwarebytes, the California-based company that discovered the campaign.

The emails instruct recipients to view an attached, booby-trapped Microsoft Word file supposedly containing the text of the book, Malwarebytes explained Monday in a blog post.

“Upon opening the document, a fake message that ’Word hasn’t been activated’ is displayed to victims who are prompted to enable the content with a yellow security warning,” the post said. “Once they do, nothing appears to happen. However, what users don’t see is the malicious macro code that will execute once they click on the button.”

If clicked, the booby-trapped document begins communicating with a server containing Emotet and tries to install malware on the recipient’s computer, in turn putting their data at risk of being digitally hijacked by hackers.

“Emotet is a double or even triple threat if it is not quarantined right away,” Malwarebytes warned.

Released on Sept. 17, “Permanent Record” is the first book written by Mr. Snowden, 36, since he leaked a trove of classified U.S. government material to the media in 2013. The Department of Justice filed a civil suit against Mr. Snowden the same day it hit shelves, arguing the former National Security Agency contractor violated non-disclosure agreements by failing to have the book reviewed by the government before publication.

Emails containing the malicious Word documents were sent in several languages and make reference to the controversy surrounding Mr. Snowden’s book, Malwarebytes noted.

“First, they spy on us, then they persecute whistleblowers, now they ban books. Freedom? Time to organise collective readings of Snowden book everywhere. Go, buy the book now, read it, share it, discuss it,” reads one of the spam emails sent in English.

Similar emails containing the malicious attachment were discovered in Italian, Spanish, German and French, according to the blog post.

“Criminals are known to capitalize on newsworthy events for scams and other social engineering purposes,” the post acknowledged.

Originally designed to steal financial data, Emotet has wreaked havoc on computer systems belonging to victims in the U.S. and abroad since first being discovered in 2014, in one instance resulting in the city of Allentown, Pennsylvania, planning to spend $1 million to rebound from an infection.

“Emotet continues to be among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors,” the Department of Homeland Security warned last year.

Mr. Snowden was previously charged by the Justice Department with criminal violations related to leaking NSA documents. He was abroad when the charges were filed and has not returned to stand trial.