Coronavirus may be the subject of choice for cybercriminal to lure victims into opening or responding to a message, but that does not mean other serious medical issues are also not being abused.
Proofpoint found a small campaign recently running using emails purportedly from the Vanderbilt University Medical Center with the subject line “Test of medical analysis”. The email started with “Your HIV results” with instructions to click the Excel attachment and then enable macros so the malware can be downloaded.
“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognize the utility of the health-related ‘scare factor.’ We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information,” the report stated.
The malware is Koadic, which has a legitimate use as a tool for network defenders, but in these cases is being used by nation-state actors and allows them to take complete control of the targeted system, Proofpoint reported.
These attacks have been traced back to Chinese, Russian and Iranian threat actors.