London Daily

Focus on the big picture.
Friday, Oct 24, 2025

Hackers Are Sending Fake HIV Results And Coronavirus Emails To Infect People’s Computers

Hackers Are Sending Fake HIV Results And Coronavirus Emails To Infect People’s Computers

“Coronavirus has been exhausting for us,” said one cybersecurity researcher.
Hackers are sending emails with fake HIV results and coronavirus information that infect computers with malware, according to research from cybersecurity research firm Proofpoint.

The fake HIV emails are designed to look like they come from Vanderbilt University, possibly to exploit the credibility of the Vanderbilt University Medical Center. The emails, which include an attached spreadsheet labeled “test results,” have been sent to insurance, health care, and pharmaceutical companies. When downloaded, a user is prompted to install macros, which leads to them becoming infected with malware known as the Koadic Remote Access Trojan.

“It’s really the lure with the HIV test results and the use of a health university, that's really the thing that's interesting about this,” Sherrod DeGrippo, senior director of the threat research and detection team at Proofpoint, told BuzzFeed News.

The HIV test phishing attack emerged in late January, roughly the same time Proofpoint and other cybersecurity firms began tracking hackers using coronavirus-themed emails to infect computers. Some of the COVID-19 emails promoted fake cures and other conspiracies.

The emails targeted industries such as manufacturing, transportation, health care, and higher education. Proofpoint has had to create special tracking for malicious COVID-19 emails for the first time.

Coronavirus has been exhausting for us,” DeGrippo said.

Hackers are evolving their coronavirus messaging in line with the global response. Knowing that many companies asked employees to work from home, the hackers send emails that claim to be from company HR departments or executives. The victim would be asked to sign into DocuSign or Microsoft Word, which is when their credentials would be stolen.

They also spoofed the World Health Organization and targeted Italians once the outbreak worsened in that country.

“Italy's prominence within the coronavirus epidemic has caused the shift of it in the lure languages and geotargeting,” she said.

The HIV and coronavirus emails are effective because they inspire curiosity or fear in recipients, according to DeGrippo. “If they don't get [you with] one emotion, they're going to get the other one,” she said.

The Koadic malware used for the HIV phishing attacks gives hackers access to a computer and allows them to consider their next steps as they learn more about their victim. The next phase of the attack may come months after the initial infection. It could be ransomware, a banking trojan, or information theft. Kodiac is widely used in Eastern Europe and has been deployed by Russia, China, and Iran, though there’s no evidence any of those countries are behind this new attack.

To protect yourself from phishing, DeGrippo recommends using unique passwords across accounts, multifactor authentication, running regular virus scans on your computer, and being skeptical of emails from unfamiliar sources that trigger an emotional reaction.

“Using these really highly emotionally charged lures is becoming the standard,” she said. “We're just starting to see a move away from the shipping receipts and the invoices and the resumes into a trend of big emotional scare tactics and curiosity starters.”
Newsletter

Related Articles

0:00
0:00
Close
Microsoft AI CEO: ‘We’re making an AI that you can trust your kids to use’ — but can Microsoft rebuild its own trust before fixing the industry’s?
China and Russia Deploy Seductive Espionage Networks to Infiltrate U.S. Tech Sector
Apple’s ‘iPhone Air’ Collapses After One Month — Another Major Misstep for the Tech Giant
Graham Potter Begins New Chapter as Sweden Head Coach on Short-Term Deal
Ecuadorian President Daniel Noboa Alleges Poison Plot via Chocolate and Jam
Lakestar to Halt External Fundraising as Investor in Revolut and Spotify
U.S. Innovation Ranking Under Scrutiny as China Leads Output Outputs but Ranks 10th
Three Men Arrested in London on Suspicion of Spying for Russia
Porsche Reverses EV Strategy as New CEO Bets on Petrol and Hybrids
Singapore’s Prime Minister Warns of ‘Messy’ Transition to Post-American Global Order
Andreessen Horowitz Sets Sights on Ten-Billion-Dollar Fund for Tech Surge
US Administration Under President Donald Trump Reportedly Lifts Ban on Ukraine’s Use of Storm Shadow Missiles Against Russia
‘Frightening’ First Night in Prison for Sarkozy: Inmates Riot and Shout ‘Little Nicolas’
White House Announces No Imminent Summit Between Trump and Putin
US and Qatar Warn EU of Trade and Energy Risks from Tough Climate Regulation
Apple Challenges EU Digital Markets Act Crackdown in Landmark Court Battle
Nicolas Sarkozy begins five-year prison term at La Santé in Paris
Japan stocks surge to record as Sanae Takaichi becomes Prime Minister
This Is How the 'Heist of the Century' Was Carried Out at the Louvre in Seven Minutes: France Humiliated as Crown with 2,000 Diamonds Vanishes
China Warns UK of ‘Consequences’ After Delay to London Embassy Approval
France’s Wealthy Shift Billions to Luxembourg and Switzerland Amid Tax and Political Turmoil
"Sniper Position": Observation Post Targeting 'Air Force One' Found Before Trump’s Arrival in Florida
Shouting Match at the White House: 'Trump Cursed, Threw Maps, and Told Zelensky – "Putin Will Destroy You"'
Windows’ Own ‘Siri’ Has Arrived: You Can Now Talk to Your Computer
Thailand and Singapore Investigate Cambodian-Based Prince Group as U.S. and U.K. Sanctions Unfold
‘No Kings’ Protests Inflate Numbers — But History Shows Nations Collapse Without Strong Executive Power
Chinese Tech Giants Halt Stablecoin Launches After Beijing’s Regulatory Intervention
Manhattan Jury Holds BNP Paribas Liable for Enabling Sudanese Government Abuses
Trump Orders Immediate Release of Former Congressman George Santos After Commuting Prison Sentence
S&P Downgrades France’s Credit Rating, Citing Soaring Debt and Political Instability
Ofcom Rules BBC’s Gaza Documentary ‘Materially Misleading’ Over Narrator’s Hamas Ties
Diane Keaton’s Cause of Death Revealed as Pneumonia, Family Confirms
Former Lostprophets Frontman Ian Watkins Stabbed to Death in British Prison
"The Tsunami Is Coming, and It’s Massive": The World’s Richest Man Unveils a New AI Vision
Outsider, Heroine, Trailblazer: Diane Keaton Was Always a Little Strange — and Forever One of a Kind
Dramatic Development in the Death of 'Mango' Founder: Billionaire's Son Suspected of Murder
Two Years of Darkness: The Harrowing Testimonies of Israeli Hostages Emerging From Gaza Captivity
EU Moves to Use Frozen Russian Assets to Buy U.S. Weapons for Ukraine
Europe Emerges as the Biggest Casualty in U.S.-China Rare Earth Rivalry
HSBC Confronts Strategic Crossroads as NAB Seeks Only Retail Arm in Australia Exit
U.S. Chamber Sues Trump Over $100,000 H-1B Visa Fee
Shenzhen Expo Spotlights China’s Quantum Step in Semiconductor Self-Reliance
China Accelerates to the Forefront in Global Nuclear Fusion Race
Yachts, Private Jets, and a Picasso Painting: Exposed as 'One of the Largest Frauds in History'
Australia’s Wedgetail Spies Aid NATO Response as Russian MiGs Breach Estonian Airspace
McGowan Urges Chalmers to Cut Spending Over Tax Hike to Close $20 Billion Budget Gap
Victoria Orders Review of Transgender Prison Placement Amid Safety Concerns for Female Inmates
U.S. Treasury Mobilises New $20 Billion Debt Facility to Stabilise Argentina
French Business Leaders Decry Budget as Macron’s Pro-Enterprise Promise Undermined
Trump Claims Modi Pledged India Would End Russian Oil Imports Amid U.S. Tariff Pressure
×