Fake HIV results disguise phishing scam

Scammers stoop to new low to deliver malicious content to unsuspecting users

Security researchers have uncovered a new phishing scam which lures users into opening a malicious Excel document by pretending to offer their HIV test results.

Phishing campaigns have seen a huge increase over the past year as the scammers behind them have begun employing new tactics to trick users into falling for their schemes.

This time though, they may have taken things too far, as researchers at Proofpoint have observed scammers sending phishing emails with malicious Excel spreadsheets pretending to be patients' HIV test results from Vanderbilt University.

While those who are more observant may notice that the university’s name is misspelled in the contact of the email as “Vanderbit”, most users likely won’t, as the rest of the phishing email appears as if it comes directly from the university.

Malicious Excel file

The phishing emails sent out in the campaign all contain an attachment named “TestResults.xlsb” that requires users to ‘Enable Content’ to view their test results.

If a user does decide to enable content, malicious macros are then executed which download and install the Koadic penetration test and post-exploitation toolkit.
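A mail-gateway style check for the kind of attachment described above, as an added example that is not from the original article or from Proofpoint. It assumes macro content shows up as the `xl/vbaProject.bin` or `xl/macrosheets/` parts of the workbook's ZIP container; the sample message, its addresses and the placeholder macro part are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Part-name prefixes that indicate macro content in a ZIP-based workbook
MACRO_PARTS = ("xl/vbaproject.bin", "xl/macrosheets/")
WORKBOOK_EXTS = (".xlsb", ".xlsm", ".xlsx")

def macro_parts(data: bytes) -> list[str]:
    """Return the macro-bearing part names inside a ZIP-based workbook."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # not a ZIP container (e.g. legacy .xls); out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().startswith(MACRO_PARTS)]

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each workbook attachment that carries macros to its macro parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(WORKBOOK_EXTS):
            hits = macro_parts(part.get_content())
            if hits:
                findings[name] = hits
    return findings

def build_sample() -> bytes:
    """Constructed message with a harmless stand-in for a macro workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.bin", b"\x00")
        zf.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"] = "sender@example.test"   # constructed address
    msg["To"] = "user@example.test"       # constructed address
    msg["Subject"] = "Test results"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="TestResults.xlsb")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, parts in scan_message(build_sample()).items():
        print(f"quarantine {name}: macro parts {parts}")
```

Flagged messages can be quarantined or have the attachment stripped before delivery, so the 'Enable Content' prompt never reaches the user.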

Through Koadic, the attackers are able to gain complete control over the infected computer and from there they can execute any command they like to download additional malware or steal files from the machine.

Senior director of threat research and detection at Proofpoint, Sherrod DeGrippo, provided further insight on how cybercriminals are now using health-related lures to trick users into falling for phishing scams in a blog post, saying:

“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognize the utility of the health-related “scare factor.” We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information. Sensitive health-related information is typically safely transmitted using secured messaging portals, over the phone, or in-person. If you receive an email that claims to have sensitive health-related information, don’t open the attachments. Instead, visit your medical provider’s patient portal directly, call your doctor, or make an appointment to directly confirm any medical diagnosis or test results.”

Via BleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
