Universities in the United States have seen a new wave of phishing attacks targeting students and staff. The email messages used the theme of online dating to trick the victim into downloading a Remote Access Trojan (RAT) onto their device so that the attackers can steal sensitive information. The RAT being used is named Hupigon RAT and was previously used by Chinese state-backed threat actors as early as 2010. The RAT was originally using zero-day vulnerabilities which affected versions 6, 7, and 8 of Internet Explorer. The current phishing campaign is believed to be the work of financially motivated criminals, not a state-sponsored threat group. The email includes pictures of two women and asks the victim to select one to connect with on a dating website. Once the link to the online dating profile is clicked, an executable used to install Hupigon is downloaded to the victim’s machine. The campaign was most active from April 14-15, 2020, and sent approximately 80,000 messages to different victims at that time. In total, the campaign sent 150,000 emails throughout 60 different countries, with almost half of the emails targeting education establishments.