Cybersecurity researchers have uncovered a new phishing campaign that uses fake HIV test results to lure victims into clicking a malicious link.
The morally bereft campaign has been detected targeting insurance, healthcare, and pharmaceutical companies around the world.
In the latest incarnation of the scam, researchers at Proofpoint observed cybercriminals impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails.
Recipients were encouraged to open malicious content embedded in the message, which triggered the installation of the Koadic RAT. Once installed, the malware can take complete control of a user's system, running programs on the infected device and accessing the victim's data, including sensitive personal and financial information.
The control it gives attackers has made Koadic popular among many threat groups in recent years, particularly those thought to be sponsored by the People's Republic of China, the Russian Federation, and Iran.
Though criminally accomplished, the attackers in this instance made a schoolboy error in putting together the text of their egregious email, misspelling Vanderbilt as "Vanderbit."
Proofpoint researchers wrote: "This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognize the utility of the health-related 'scare factor.'"
Researchers advised members of the public to think before they click and to take into account that healthcare professionals are highly unlikely to send sensitive information such as the results of an HIV test over email.
"We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information," stated researchers.
"Sensitive health-related information is typically safely transmitted using secured messaging portals, over the phone, or in person."
Proofpoint said that the best way to avoid falling victim to phishing scams that pretend to grant access to genuine medical test results is to establish an alternative method for receiving results from your doctor.
They said: "If you receive an email that claims to have sensitive health-related information, don’t open the attachments. Instead, visit your medical provider’s patient portal directly, call your doctor, or make an appointment to directly confirm any medical diagnosis or test results."