INSUBCONTINENT EXCLUSIVE:
Security researchers have discovered a new phishing scam which lures users into opening a malicious Excel document by pretending to offer
their HIV test results.Phishing campaigns have seen a huge increase over the past year as the scammers behind them have begun employing new
tactics to trick users into falling for their schemes.This time though, they may have taken things too far as researchers at Proofpoint have
observed scammers sending phishing emails with malicious Excel spreadsheets pretending to be patients' HIT test results from Vanderbilt
University.While those who are more observant may notice that the university's name is misspelled in the contact of the email as
test results.If a user does decide to enable content, malicious macros are then executed which download and install the Koadic penetration
test and post-exploitation toolkit.Through Koadic, the attackers are able to gain complete control over the infected computer and from there
they can execute any command they like to download additional malware or steal files from the machine.Senior director of threat research and
detection at Proofpoint, Sherrod DeGrippo provided further insight on how cybercriminals are now using health-related lures to trick users
health-related emails with caution, especially those that claim to have sensitive health-related information
Sensitive health-related information is typically safely transmitted using secured messaging portals, over the phone, or in-person
