Medical Test Results

Methods

phone email sms voicemail chatbot physical

Payloads

doc docx xls xlsx ppt pptx pdf hta exe bat zip xss csrf click-once phishing page ole drive-by-download usb drop cloud hosted file

Goals

cred harvest malware physical access info gather bec

Description

A victim receives an unsolicited email containing medical analysis data from a medical office. In this pretext, the attacker is not sending an email to a victim that they believe is waiting for medical results. Instead, the email is designed to pique the recipient's curiosity to view someone else's medical test results. The actual medical test referenced in the email could vary: Coronavirus, HIV, Blood work, etc. The email contains an attachment with the medical test results; however, that attachment is malware.

Example Email(s)

Source: https://www.proofpoint.com/us/corporate-blog/post/attackers-use-fake-hiv-test-results-target-insurance-healthcare-and

Microsoft Excel workbook containing fake medical data results and malware via macro.

Attacker could grab a real medical analysis pdf from a google search and then embed some type of malware.

Analysis

This would cross a line for ethical hacking purposes. This pretext prays on two things: (1) our natural concern for our health (2) curiosity of information sent to the wrong recipient.

Resources

https://www.proofpoint.com/us/corporate-blog/post/attackers-use-fake-hiv-test-results-target-insurance-healthcare-and