Spear-Phishing Attack Lures Victims With ‘HIV Results’

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Attackers are purporting to send victims HIV test results – but in reality are convincing them to download the Koadic RAT.

Recently discovered spear-phishing emails are using a unique “scare-factor” lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results.

Researchers are warning of a recent campaign involving emails claiming to come from Vanderbilt University Medical Center, a legitimate medical complex in Nashville, Tenn. The emails were sent to a slew of unnamed companies in various industries, including global insurance, healthcare, and pharmaceutical firms. If victims clicked on the embedded attachment in the emails, they were infected with the Koadic RAT, which allows attackers to run programs and access victims’ data, including sensitive personal and financial information.

“Healthcare concerns drive us to do a lot of things like change our diet, work out more, and take medication,” said researchers with Proofpoint on Tuesday. “But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links.”

Victims received an email purporting to come from “Vanderbit [SIC] Medical,” with the subject line “Test result of medical analysis.” The body of the email encourages victims to open a malicious Microsoft Excel attachment titled “TestResults.xlsb,” claiming that the recipient’s HIV results are contained within it.
Once the victim opens the attachment, the Excel document opens and prompts the user to enable macros – and once they do that, the document then downloads the Koadic RAT. [....]
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top