New Phishing Campaign Emerges as Hackers Use Fake HIV and COVID-19 Data

Published on March 15, 2020

While the world suffers in the wake of an epidemic, hackers are sending big pharmaceutical companies fake HIV results and Coronavirus information that infect devices with malware, according to an article on Buzzfeed. The fake emails, a form of phishing, are allegedly fabricated to exploit the reputation of Vanderbilt University Medical Center.

Phishing Trojans.

For the uninitiated, phishing is the use of fake websites or software that pose as a company or organization in an attempt to “phish” for sensitive data such as personal or financial information. According to Proofpoint, the malware used in these attacks is known as Koadic. The intrusion tool gives phishers unauthorized access to a computer’s files and the victim’s data. While the access tool has been tied to organizations linked to China and Russia, the attackers remain unidentified.

Email look-alikes target individuals.

The blog post from Proofpoint explains what the breach attempt looks like. At first, it looks like an email from “Vanderbilt University Medical Center” with the subject line “Test Result of Medical Analysis.” Below it, victims allegedly find an Excel document named “TestResults.xlsb.” The document claims to contain the recipient’s HIV results, which are fake. After the potential victim opens the document, Koadic is downloaded, exposing the device to security breaches and lurking predators through the malware.

Consequences Of Phishing

The real targets of the phishing campaign were workers in insurance, healthcare and pharmaceutical companies. Aside from information theft, one can assume that the reason for this attack is to hurt the consumer. When Big Pharma falls prey to cyber attacks, the consumer’s trust in the organizations becomes compromised. Consumers no longer believe their data is secure when the companies fail to look after them. They can also end up looking for other alternatives, like the dark web, especially when the attackers exploit the general fear inspired by epidemics.

Speaking of Epidemics…

As explained before, aside from using fake HIV results, hackers are also using the Coronavirus threat in malicious emails. Some advertise fake cures, while others simply target companies that have asked their employees to work from home. In other words, not only are they after Big Pharma companies, but they are also targeting any corporation that allows the work-from-home model by pretending to be HR representatives. Proofpoint states that:

“The email claims there is a cure being hidden by government entities because the virus is being used as a bioweapon. It then urges the recipient to receive further information on the ‘cure’ by clicking on the link provided in the email.”

Mapping Their Way Into Your Computer.

It gets worse. Hackers are also allegedly using Coronavirus maps to infect electronic devices. Phishers are taking advantage of the global concern COVID-19 has caused. Now that organizations have made dashboards to keep track of the epidemic, hackers have decided to use said dashboards as guidelines, according to Ivan Mehta from TNW.

The method was discovered by researcher Shai Alfasi. TNW argues that the cyber criminals fabricate websites related to Coronavirus in order to incite the consumer to download an application that will allegedly “keep you updated” on the situation. Once downloaded, however, a victim’s computer becomes infected with a malicious binary file that is installed on the device.

Virus Vs Virus.

While the malware currently only affects Windows consumers, it is still a deadly one. The operation, according to Alfasi, relies on malicious software known as AZORult. Making its debut in 2016, the program is notorious for infecting devices with other malware after the first phishing attack. Also, as per the researcher, AZORult is used:

“to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer.”

How To Identify Phishing Attacks.

offers a list of precautions so that the consumer is able to defend themselves. These include:

Sense of Urgency: Cybercriminals might ask you to act fast because the conditions they impose on you are fleeting.

Attachments: An attachment in an email you weren’t expecting is a red flag as well. Don’t open it.

Hyperlinks: explains that hovering over a link shows you the actual URL where you will be directed upon clicking on it. Hackers imitate popular websites, often with a misspelled address. Keep an eye out for them.
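The hover check from the Hyperlinks item can be automated on a mail gateway. The following is an added example, not code from the article or from Proofpoint: it flags links whose visible text shows one domain while the href points to another, and link targets that are near-misspellings of a known domain. The domain allowlist, the 0.85 similarity cut-off and the sample email body are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions (all constructed): allowlist, similarity cut-off and sample email body.
KNOWN_DOMAINS = ("medcenter.example", "hr.corp.example")
THRESHOLD = 0.85
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
SAMPLE_EMAIL = """
<a href="http://files.cdn-host.test/r?id=1">https://medcenter.example/results</a>
<a href="https://medcentre.example/login">Patient portal</a>
<a href="https://portal.medcenter.example/help">Help</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def resembles_known(host):
    """Return the known domain that host imitates; None if genuine or unrelated."""
    if not host or any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
        return None
    best = max(KNOWN_DOMAINS, key=lambda d: SequenceMatcher(None, host, d).ratio())
    return best if SequenceMatcher(None, host, best).ratio() >= THRESHOLD else None

def check_links(html):
    """Flag links whose shown domain differs from the target, and lookalike targets."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text)  # visible text that itself looks like a URL
        if shown and shown.group(1).lower() != target:
            findings.append(("text-href-mismatch", text, target))
        if twin := resembles_known(target):
            findings.append(("lookalike-domain", target, twin))
    return findings
```

Calling `check_links(SAMPLE_EMAIL)` returns one finding for the first link (shown domain differs from the target) and one for the second (misspelled domain); the genuine subdomain in the third link is not flagged.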

Argenis Ovalles is an Editorial Intern at Grit Daily. He currently writes at Vocal Media and Theater Pizzazz.
