Coronavirus may be the subject of choice for cybercriminals to lure victims into opening or responding to a message, but that does not mean other serious medical issues are not also being abused.

Proofpoint recently found a small campaign using emails purportedly from the Vanderbilt University Medical Center with the subject line “Test of medical analysis”. The email started with “Your HIV results” and instructed the recipient to click the Excel attachment and then enable macros so the malware can be downloaded.

“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognize the utility of the health-related ‘scare factor.’ We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information,” the report

The malware is Koadic, which has a legitimate use as a tool for network defenders, but in these cases is being used by nation-state actors and allows them to take complete control of the targeted system, Proofpoint reported.

attacks have been traced back to Chinese, Russian and Iranian threat actors.