London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

Hackers Are Sending Fake HIV Results And Coronavirus Emails To Infect People’s Computers

Hackers Are Sending Fake HIV Results And Coronavirus Emails To Infect People’s Computers

“Coronavirus has been exhausting for us,” said one cybersecurity researcher.
Hackers are sending emails with fake HIV results and coronavirus information that infect computers with malware, according to research from cybersecurity research firm Proofpoint.

The fake HIV emails are designed to look like they come from Vanderbilt University, possibly to exploit the credibility of the Vanderbilt University Medical Center. The emails, which include an attached spreadsheet labeled “test results,” have been sent to insurance, health care, and pharmaceutical companies. When downloaded, a user is prompted to install macros, which leads to them becoming infected with malware known as the Koadic Remote Access Trojan.

“It’s really the lure with the HIV test results and the use of a health university, that's really the thing that's interesting about this,” Sherrod DeGrippo, senior director of the threat research and detection team at Proofpoint, told BuzzFeed News.

The HIV test phishing attack emerged in late January, roughly the same time Proofpoint and other cybersecurity firms began tracking hackers using coronavirus-themed emails to infect computers. Some of the COVID-19 emails promoted fake cures and other conspiracies.

The emails targeted industries such as manufacturing, transportation, health care, and higher education. Proofpoint has had to create special tracking for malicious COVID-19 emails for the first time.

Coronavirus has been exhausting for us,” DeGrippo said.

Hackers are evolving their coronavirus messaging in line with the global response. Knowing that many companies asked employees to work from home, the hackers send emails that claim to be from company HR departments or executives. The victim would be asked to sign into DocuSign or Microsoft Word, which is when their credentials would be stolen.

They also spoofed the World Health Organization and targeted Italians once the outbreak worsened in that country.

“Italy's prominence within the coronavirus epidemic has caused the shift of it in the lure languages and geotargeting,” she said.

The HIV and coronavirus emails are effective because they inspire curiosity or fear in recipients, according to DeGrippo. “If they don't get [you with] one emotion, they're going to get the other one,” she said.

The Koadic malware used for the HIV phishing attacks gives hackers access to a computer and allows them to consider their next steps as they learn more about their victim. The next phase of the attack may come months after the initial infection. It could be ransomware, a banking trojan, or information theft. Kodiac is widely used in Eastern Europe and has been deployed by Russia, China, and Iran, though there’s no evidence any of those countries are behind this new attack.

To protect yourself from phishing, DeGrippo recommends using unique passwords across accounts, multifactor authentication, running regular virus scans on your computer, and being skeptical of emails from unfamiliar sources that trigger an emotional reaction.

“Using these really highly emotionally charged lures is becoming the standard,” she said. “We're just starting to see a move away from the shipping receipts and the invoices and the resumes into a trend of big emotional scare tactics and curiosity starters.”
Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×