'Medicare' Email Virus

The 'Medicare' email virus is linked to a group of cybercriminals who try to impersonate Australia's publicly-funded health care insurance scheme to trick their targets into installing a threatening Trojan on their computers. The 'Medicare' email virus is likely to target users in Australia exclusively, but it is possible that the criminals behind the campaign may modify the email to go after users in the United States as well entirely.

Recipients of the 'Medicare' email virus may see a Medicare-branded message, which tells them that they have to review an important file attachment that contains information regarding their health insurance status. The attachment may have a different name, such as 'Medicare - 1214860391.xls' or 'Medicare - 656187332.xls.' Trying to open the attached file may expose users to a prompt, which tells them that this is a protected document, and they have to click 'Enable Content' to access it. However, performing this action will enable the execution of a corrupted macro script that the cybercriminals have embedded in the document – the purpose of the script is to exploit a Microsoft Office vulnerability that would allow the execution of the Ursnif Banking Trojan. Thanks to this payload, the attackers may be able to collect financial information from the compromised system.

If you see a random email from Medicare in your inbox, then we advise you to be extra careful with its contents – if it contains a file attachment that asks you to 'Enable Content,' then it is very likely that you have been targeted by the 'Medicare' email virus. The best measure is to delete the downloaded file, report the email, and delete it. It also is recommended to run a full anti-malware scan to make sure that you did not get any malware installed on your computer.