Relying on basic social techniques, this campaign uses subject lines like:
Let's face it, everybody likes getting love letters and the hackers know this. That's exactly why a disturbing percentage of people receiving "love letters" like this wind up clicking on the attachment (usually a PDF) to download and open it.
Unfortunately, when they do, it fires a malicious JavaScript file that downloads something called "krablin.exe" and executes it. The results aren't pretty. The victim is infected with a nasty cocktail of malware that includes a cryptojacking miner called Monero XMRig Miner, a copy of the Phorpiex spambot, and GrandCrab Ransomware, which will move immediately to lock all your files and demand payment in Bitcoin.
It's a thorny issue. Most people only expect to see one type of malware installed per attack. So, odds are that once the victim pays the ransom and gets his or her files back, all the focus will be on getting rid of all traces of that malware. This leaves the other two to run silently in the background, profiting the hackers further.
Although the "love letter" campaign doesn't sound all that threatening, this is dark and serious business. Be on your guard against it and be sure your employees are aware.