Fake HIV test results and coronavirus information are the main themes cybercriminals use to infect computers with malware through e-mail, according to a study by the cybersecurity research firm Proofpoint published by BuzzFeed News.
Addressed to staff at insurance, health and pharmaceutical companies, the messages are crafted to appear to come from the University of Vanderbilt, to exploit the prestige of its medical professionals.
The emails, which include an attached spreadsheet labeled as test results, have been sent to. When it is downloaded, the user is asked to enable macros, which infects the computer with the malware known as the Koadic remote access trojan, the outlet reports.
Sherrod DeGrippo, senior director of Proofpoint's threat research and detection team, explained that the HIV test results and the use of a university's name are what make the content really attractive.
Interestingly, the phishing attack emerged at the end of January, in parallel with the appearance of malicious emails pushing false cures and conspiracy theories about the coronavirus. The emails were sent to the manufacturing, transportation, medical care and higher education industries.
Hackers are adapting their coronavirus messages to the global response. Knowing that many companies have asked employees to work from home, hackers send emails that claim to be from human resources departments or executives. The victim is asked to log in to DocuSign or Microsoft Word, and the attackers steal their credentials, the outlet adds.
BuzzFeed News reports that Italy, the second most affected country after China, with more than 10,000 infected and more than 600 fatal cases at the time of writing, has been the criminals' favorite target, although not even officials of the World Health Organization (WHO) have been spared.
The Koadic malware used in the HIV phishing attacks gives hackers access to the computer and lets them plan their next steps as they learn more about their victim. The next phase of the attack may come months after the initial infection. It could be ransomware, a banking trojan or information theft. Koadic is widely used in Eastern Europe and has been deployed by Russia, China and Iran, although there is no evidence that any of those countries are behind this new attack, the site said.
How to protect yourself? By using unique passwords on all accounts, enabling multifactor authentication, running regular virus scans on the computer and being skeptical of such digital messages, DeGrippo said.