A new phishing campaign is taking place at this time. The hackers send phishing emails at victims, which are supposed to include medical results and in particular the results of your tests for HIV. The emails include a malicious Excel document that infects the systems of victims.
In recent years, phishing campaigns have become more and more "cruel", as scammers come up with various stories to convince victims to open a malicious document or click on a link that will take them to a malicious web page site.
Currently, Proofpoint researchers have discovered new phishing emails, which include malicious Excel documents said to contain victims' HIV test results. The emails are supposed to come from Vanderbilt University.
The scammers write the university as "University Vanderbit", i.e. there is no "l" (the correct one is Vanderbilt). If one does not pay much attention, one will not notice the error. However, it is important check for spelling and syntax errors, because they are often an indication that it is a fraud (in combination with other suspicious Data).
In the email there is an attachment Archive, under the name TestResults.xlsb. If the victim opens it, they will find an Excel document which states that the data is protected and 'Enable content' should be done to view the document.
However, upon activation of the content, the content starts to run malicious macros which download and install the Koadic penetration test and post-exploitation toolkit.
With Koadic, the attackers gain full control of the infected Computer and they can do anything (run commands, steal files, download malware etc.).
"In recent years it has been used by various government hacking teams, including Chinese and Russian groups, as well as Iranian-linked attackers," Proofpoint explains in their report.
The official medical institutions never send medical results via simple emails. If they want to inform you about a test or anything else, they will ask you to log in to a secure portal. So do not fall into the trap of such a phishing email!
Proofpoint points out that this latest phishing campaign shows that the hackers they keep exploiting the medical issues to deceive users. Recently, phishing emails were found with the subject of coronavirus. It is an ongoing tactic, as attackers know that when there is a health and risk issue, most people will respond.
"We encourage them users be wary of health-related emails, especially those claiming to contain sensitive information. Sensitive health-related information is usually sent securely, using secure portals, over the phone or face-to-face," Proofpoint stresses.
It is also important not to open attachments that come from foreign sources or Organisations. Even if we are expecting an email, it is best to confirm by phone.
